Lucene search
K

316 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:48 p.m.7 views

CVE-2021-41578

mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead ...

7.8CVSS7.3AI score0.10445EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:50 a.m.8 views

CVE-2018-11517

mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0=0 requests to TCP port 11010...

5.3CVSS7AI score0.02091EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2025/03/19 6:59 a.m.25 views

Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems

Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition SCADA system used in operational technology OT environments, that could allow malicious actors to take control of susceptible systems. "These vulnerabilities,...

9.3CVSS8.7AI score0.01232EPSS
Exploits0
Metasploit
Metasploit
added 2025/02/25 6:53 p.m.525 views

mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)

Credential Harvester in MyPRO Manager use auxiliary/admin/scada/mypromgrcreds msf auxiliarymypromgrcreds show actions ...actions... msf auxiliarymypromgrcreds set ACTION msf auxiliarymypromgrcreds show options ...show and set options... msf auxiliarymypromgrcreds run class MetasploitModule 'mySCA...

10CVSS7.4AI score0.06818EPSS
Exploits1
Zero Day Initiative
Zero Day Initiative
added 2025/02/19 12:0 a.m.11 views

mySCADA myPRO Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of mySCADA myPRO. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 34022 by default. The issue results from the la...

9.8CVSS7.5AI score0.01232EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/02/19 12:0 a.m.13 views

mySCADA myPRO Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of mySCADA myPRO. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 34022 by default. The issue results from the la...

9.8CVSS7.5AI score0.01232EPSS
Exploits0References1
CNVD
CNVD
added 2025/02/18 12:0 a.m.12 views

mySCADA myPRO Access Control Error Vulnerability

mySCADA myPRO is a professional HMI/SCADA system from mySCADA designed for the visualization and control of industrial processes. An access control error vulnerability exists in mySCADA myPRO that originates from accessing the management interface without authentication. An attacker could exploit...

10CVSS6.4AI score0.06818EPSS
Exploits1References1
CNVD
CNVD
added 2025/02/18 12:0 a.m.12 views

mySCADA myPRO OS Command Injection Vulnerability (CNVD-2025-03918)

mySCADA myPRO is a professional HMI/SCADA system from mySCADA designed for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO that originates from not properly validating input. An attacker could exploit this...

9.8CVSS7.8AI score0.01731EPSS
Exploits0References1
CNVD
CNVD
added 2025/02/18 12:0 a.m.9 views

mySCADA myPRO Cross-Site Request Forgery Vulnerability

mySCADA myPRO is a professional HMI/SCADA system from mySCADA designed for the visualization and control of industrial processes. A cross-site request forgery vulnerability exists in mySCADA myPRO that stems from not properly validating a request. An attacker could exploit this vulnerability to...

6.5CVSS6.5AI score0.00559EPSS
Exploits0References1
CNVD
CNVD
added 2025/02/18 12:0 a.m.10 views

mySCADA myPRO Information Disclosure Vulnerability

mySCADA myPRO is a professional HMI/SCADA system from mySCADA designed for the visualization and control of industrial processes. An information disclosure vulnerability exists in mySCADA myPRO that originates from storing credentials in plaintext. An attacker could exploit this vulnerability to...

9.2CVSS6.2AI score0.03353EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/02/18 12:0 a.m.8 views

The vulnerability of the mySCADA myPRO Manager platform, which exists due to the failure to take measures to neutralize certain elements, allows a perpetrator to execute arbitrary commands.

The vulnerability of the mySCADA myPRO Manager platform exists due to the failure to take measures to neutralize certain elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

10CVSS8.3AI score0.01731EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/02/18 12:0 a.m.6 views

The vulnerability of the mySCADA myPRO Manager platform, related to the manipulation of cross-site requests, allows a hacker to perform a CSRF attack.

The vulnerability of the mySCADA myPRO Manager platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

7.5CVSS5.2AI score0.00559EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/02/17 12:0 a.m.8 views

The vulnerability in the web interface of the mySCADA myPRO Manager platform allows a perpetrator to gain unauthorized access to the software.

The vulnerability in the web interface of the mySCADA myPRO Manager control platform is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to the software...

10CVSS8.1AI score0.06818EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/15 10:20 p.m.12 views

CVE-2025-25067

mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands...

9.8CVSS8AI score0.01731EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/15 10:20 p.m.12 views

CVE-2025-24865

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password...

10CVSS6.7AI score0.06818EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/15 10:20 p.m.10 views

CVE-2025-22896

mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information...

9.2CVSS6.6AI score0.03353EPSS
Exploits1References1
Rapid7 Blog
Rapid7 Blog
added 2025/02/14 8:20 p.m.16 views

Metasploit Weekly Wrap-Up 02/14/2025

New module content 2 Unauthenticated RCE in NetAlertX Authors: Chebuya Rhino Security Labs and Takahiro Yokoyama Type: Exploit Pull request: 19868 contributed by Takahiro-Yoko Path: linux/http/netalertxrcecve202446506 AttackerKB reference: CVE-2024-46506 Description: A new module for an...

10CVSS10AI score0.64168EPSS
Exploits9
OSV
OSV
added 2025/02/13 10:15 p.m.2 views

CVE-2025-25067

mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands...

9.8CVSS7.8AI score0.01731EPSS
Exploits0References3
OSV
OSV
added 2025/02/13 10:15 p.m.4 views

CVE-2025-24865

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password...

9.8CVSS5.8AI score0.06818EPSS
Exploits1References3
NVD
NVD
added 2025/02/13 10:15 p.m.16 views

CVE-2025-24865

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password...

10CVSS0.06818EPSS
Exploits1References3
Rows per page
Query Builder