Vulnerabilities > Myscada > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-23 | CVE-2021-43984 | OS Command Injection vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 7.5 |
| 2021-12-23 | CVE-2021-43985 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Myscada Mypro 7/7.0.26 An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. | 7.5 |
| 2021-12-23 | CVE-2021-43987 | Hidden Functionality vulnerability in Myscada Mypro 7/7.0.26 An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. | 7.5 |
| 2021-12-23 | CVE-2021-43989 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Myscada Mypro 7/7.0.26 mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. | 7.5 |
| 2017-10-06 | CVE-2017-12730 | Unquoted Search Path or Element vulnerability in Myscada Mypro 7/7.0.26 An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. | 7.2 |