Vulnerabilities > Myscada > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-02 | CVE-2024-4708 | Use of Hard-coded Credentials vulnerability in Myscada Mypro mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. | 9.8 |
| 2021-12-23 | CVE-2021-22657 | OS Command Injection vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 9.8 |
| 2021-12-23 | CVE-2021-23198 | OS Command Injection vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 9.8 |
| 2021-12-23 | CVE-2021-43981 | OS Command Injection vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 9.8 |
| 2021-12-23 | CVE-2021-43984 | OS Command Injection vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 9.8 |
| 2021-12-23 | CVE-2021-43985 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Myscada Mypro 7/7.0.26 An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. | 9.8 |
| 2021-12-23 | CVE-2021-43987 | Hidden Functionality vulnerability in Myscada Mypro 7/7.0.26 An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. | 9.8 |
| 2021-12-23 | CVE-2021-44453 | OS Command Injection vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. | 9.8 |
| 2018-05-20 | CVE-2018-11311 | Use of Hard-coded Credentials vulnerability in Myscada Mypro 7.0 A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. | 9.1 |