
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive directory listing information. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03 • https://www.myscada.org/version-8-20-0-released-security-update • CWE-548: Exposure of Information Through Directory Listing

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

An unauthenticated remote attacker can access mySCADA myPRO versions 8.20.0 and prior without any form of authentication or authorization. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

mySCADA myPRO versions 8.20.0 and prior store passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm • CWE-916: Use of Password Hash With Insufficient Computational Effort

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

mySCADA myPRO versions 8.20.0 and prior have a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. • https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')