CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44453 – mySCADA myPRO
https://notcve.org/view.php?id=CVE-2021-44453
mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. mySCADA myPRO: Versiones 8.20.0 y anteriores, presentan una interfaz de depuración vulnerable que incluye una utilidad ping, que puede permitir a un atacante inyectar comandos arbitrarios del sistema operativo • https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43984 – mySCADA myPRO
https://notcve.org/view.php?id=CVE-2021-43984
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO: Versiones 8.20.0 y anteriores, presenta una función en la que es posible actualizar el firmware, que puede permitir a un atacante inyectar comandos arbitrarios del sistema operativo mediante un parámetro específico • https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22657 – mySCADA myPRO
https://notcve.org/view.php?id=CVE-2021-22657
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO: Versiones 8.20.0 y anteriores, presentan una función en la que es posible especificar la contraseña de la API, que puede permitir a un atacante inyectar comandos arbitrarios del sistema operativo mediante un parámetro específico • https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43987 – mySCADA myPRO
https://notcve.org/view.php?id=CVE-2021-43987
An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. Se presenta una cuenta administrativa adicional, no documentada en mySCADA myPRO versiones 8.20.0 y anteriores, que no está expuesta mediante la interfaz web y que no puede ser eliminada o modificada mediante la interfaz web normal • https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 • CWE-912: Hidden Functionality •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23198 – mySCADA myPRO
https://notcve.org/view.php?id=CVE-2021-23198
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO: Versiones 8.20.0 y anteriores, presentan una función en la que es posible especificar la contraseña, que puede permitir a un atacante inyectar comandos arbitrarios del sistema operativo mediante un parámetro específico • https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •