CVE-2018-11311
mySCADA myPRO 7 - Hardcoded Credentials
Severity Score
9.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
Un usuario FTP embebido de myscada y contraseƱa embebida de Vikuk63 en myscadagate.exe en mySCADA myPRO 7 permite que atacantes remotos accedan al servidor FTP en el puerto 2121 y suban archivos o directorios de lista introduciendo estas credenciales.
mySCADA myPRO version 7 has a hardcoded FTP username and password.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-05-19 CVE Reserved
- 2018-05-20 CVE Published
- 2020-06-25 First Exploit
- 2024-04-29 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf | Mitigation | |
| https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password | Mitigation |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/48620 | 2020-06-25 | |
| https://www.exploit-db.com/exploits/44656 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|