What is CVE-2021-43987?

CVE-2021-43987 is a critical-severity vulnerability in Myscada Mypro, classified under Hidden Functionality. CVSS score: 9.8/10. Published 2021-12-23.

How severe is CVE-2021-43987?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Myscada Mypro

CVE-2021-43987

An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.

EPSS: 0.002 (45.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Myscada Mypro — versions All

Weakness classification (CWE)

CWE-912 — Hidden Functionality

References

www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-43987?: CVE-2021-43987 is a critical-severity vulnerability in Myscada Mypro, classified under Hidden Functionality. CVSS score: 9.8/10. Published 2021-12-23.
How severe is CVE-2021-43987?: Critical severity. CVSS v3 base score is 9.8 out of 10.