Vulnerabilities > Myscada
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-23 | CVE-2021-43987 | Unspecified vulnerability in Myscada Mypro 7/7.0.26/8.20.0 An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. | 9.8 |
| 2021-12-23 | CVE-2021-43989 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Myscada Mypro 7/7.0.26/8.20.0 mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. | 7.5 |
| 2021-12-23 | CVE-2021-44453 | Unspecified vulnerability in Myscada Mypro 7/7.0.26/8.20.0 mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. | 9.8 |
| 2021-11-19 | CVE-2021-43555 | Path Traversal vulnerability in Myscada Mydesigner mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. | 7.8 |
| 2021-10-04 | CVE-2021-41578 | Path Traversal vulnerability in Myscada Mydesigner mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. | 7.8 |
| 2018-05-28 | CVE-2018-11517 | Information Exposure vulnerability in Myscada Mypro 7.0 mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. | 5.3 |
| 2018-05-20 | CVE-2018-11311 | Use of Hard-coded Credentials vulnerability in Myscada Mypro 7.0 A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. | 9.1 |
| 2017-10-06 | CVE-2017-12730 | Unquoted Search Path or Element vulnerability in Myscada Mypro 7/7.0.26 An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. | 7.8 |