What is CVE-2017-12730?

CVE-2017-12730 is a high-severity vulnerability in Myscada Mypro, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2017-10-06.

How severe is CVE-2017-12730?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Myscada Mypro

CVE-2017-12730

An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.

EPSS: 0.001 (28.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Myscada Mypro
N/a Myscada Mypro — versions mySCADA myPRO

Weakness classification (CWE)

CWE-428 — Unquoted Search Path or Element

References

ics-cert@hq.dhs.gov (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC, Mitigation)

Frequently asked questions

What is CVE-2017-12730?: CVE-2017-12730 is a high-severity vulnerability in Myscada Mypro, classified under Unquoted Search Path or Element. CVSS score: 7.8/10. Published 2017-10-06.
How severe is CVE-2017-12730?: High severity. CVSS v3 base score is 7.8 out of 10.