3 matches found
CVE-2021-22657 mySCADA myPRO
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter...
CVE-2021-22657
CVE-2021-22657 affects mySCADA myPRO, with versions 8.20.0 and earlier vulnerable to OS command injection through a parameter (API password or related field). The root cause is improper handling/neutralization of input that allows an attacker to execute arbitrary commands on the underlying system...
mySCADA myPRO
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Use of Password Hash with Insufficient Computational Effort, Hidden Functionality, OS Command...