Lucene search

Emre ÖVÜNÇEDB-ID:48620

HistoryJun 25, 2020 - 12:00 a.m.

mySCADA myPRO 7 - Hardcoded Credentials

2020-06-2500:00:00

Emre ÖVÜNÇ

www.exploit-db.com

568

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.4 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

# Exploit Title: mySCADA myPRO v7 Hardcoded Credentials
# Date: 2018-07-02
# Exploit Author: Emre ÖVÜNÇ
# Vendor Homepage: http://myscada.org
# Software Link: https://www.myscada.org/mypro/
# Version: v7.0.45
# Tested on: Windows/Linux
# CVE-2018-11311
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11311
# https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password

# PoC

ftp [IP] 2121

username: myscada

password: Vikuk63

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.4 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for EDB-ID:48620