Myscada Mypro
16 CVEs affecting Myscada Mypro. Latest disclosed: 2025-06-11. Critical: 8, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-43981 | Critical | 10.0 | 2021-12-23 | mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a spec… |
CVE-2021-44453 | Critical | 10.0 | 2021-12-23 | mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operat… |
CVE-2021-43984 | Critical | 10.0 | 2021-12-23 | mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system comm… |
CVE-2021-22657 | Critical | 10.0 | 2021-12-23 | mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating syste… |
CVE-2021-23198 | Critical | 10.0 | 2021-12-23 | mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system co… |
CVE-2024-4708 | Critical | 9.8 | 2024-07-02 | mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. |
CVE-2021-43987 | Critical | 9.8 | 2021-12-23 | An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cann… |
CVE-2021-43985 | Critical | 9.1 | 2021-12-23 | An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. |
CVE-2022-0999 | High | 8.8 | 2022-04-11 | An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. |
CVE-2021-33013 | High | 8.2 | 2022-05-13 | mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. |
CVE-2017-12730 | High | 7.8 | 2017-10-06 | An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which coul… |
CVE-2021-33009 | High | 7.5 | 2022-05-13 | mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. |
CVE-2021-33005 | High | 7.5 | 2022-05-13 | mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. |
CVE-2021-27505 | High | 7.5 | 2022-05-13 | mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. |
CVE-2021-43989 | High | 7.5 | 2021-12-23 | mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. |
CVE-2025-35941 | Medium | 5.5 | 2025-06-11 | A password is exposed locally. |