CVE-2024-4708 – mySCADA myPRO Use of Hard-coded Password
https://notcve.org/view.php?id=CVE-2024-4708
mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. mySCADA myPRO utiliza una contraseña codificada que podría permitir a un atacante ejecutar código de forma remota en el dispositivo afectado. This vulnerability allows remote attackers to execute arbitrary code on affected installations of mySCADA myPRO. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to execute code in the context of the service account. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02 https://www.myscada.org/mypro • CWE-259: Use of Hard-coded Password •
CVE-2023-28400 – CVE-2023-28400
https://notcve.org/view.php?id=CVE-2023-28400
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-28716 – CVE-2023-28716
https://notcve.org/view.php?id=CVE-2023-28716
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-28384 – CVE-2023-28384
https://notcve.org/view.php?id=CVE-2023-28384
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-29169 – CVE-2023-29169
https://notcve.org/view.php?id=CVE-2023-29169
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •