CVE-2023-29150 – CVE-2023-29150
https://notcve.org/view.php?id=CVE-2023-29150
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2022-2234 – mySCADA myPRO Command Injection
https://notcve.org/view.php?id=CVE-2022-2234
An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. Un usuario autenticado de mySCADA myPRO versión 8.26.0, puede ser capaz de modificar parámetros para ejecutar comandos directamente en el sistema operativo. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-33013 – mySCADA myPRO Improper Access Control
https://notcve.org/view.php?id=CVE-2021-33013
mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. mySCADA myPRO versiones anteriores a la 8.20.0, no restringen el acceso de lectura no autorizado a la información confidencial del sistema • https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03 https://www.myscada.org/version-8-20-0-released-security-update • CWE-284: Improper Access Control CWE-862: Missing Authorization •
CVE-2021-33009 – mySCADA myPRO Unrestricted Upload of File with Dangerous Type
https://notcve.org/view.php?id=CVE-2021-33009
mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. mySCADA myPRO versiones anteriores a la 8.20.0, permiten a un atacante remoto no autentificado cargar archivos arbitrarios en el sistema de archivos • https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03 https://www.myscada.org/version-8-20-0-released-security-update • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-33005 – mySCADA myPRO Path Traversal
https://notcve.org/view.php?id=CVE-2021-33005
mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. mySCADA myPRO versiones anteriores a la 8.20.0, permiten a un atacante remoto no autentificado cargar archivos arbitrarios en directorios arbitrarios • https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03 https://www.myscada.org/version-8-20-0-released-security-update • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •