Filtered by vendor Myscada
Subscribe
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41578 | 1 Myscada | 1 Mydesigner | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution. | |||||
| CVE-2021-33013 | 1 Myscada | 1 Mypro | 2024-11-21 | 5.0 MEDIUM | 8.2 HIGH |
| mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. | |||||
| CVE-2021-33009 | 1 Myscada | 1 Mypro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. | |||||
| CVE-2021-33005 | 1 Myscada | 1 Mypro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. | |||||
| CVE-2021-27505 | 1 Myscada | 1 Mypro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. | |||||
| CVE-2021-23198 | 1 Myscada | 1 Mypro | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-22657 | 1 Myscada | 1 Mypro | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2018-11517 | 1 Myscada | 1 Mypro | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. | |||||
| CVE-2018-11311 | 1 Myscada | 1 Mypro | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. | |||||