Myscada Mypro Runtime
7 CVEs affecting Myscada Mypro Runtime. Latest disclosed: 2025-01-29. Critical: 5, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-52034 | Critical | 10.0 | 2024-11-22 | An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to injec… |
CVE-2024-47407 | Critical | 10.0 | 2024-11-22 | A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arb… |
CVE-2025-20061 | Critical | 9.8 | 2025-01-29 | mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker t… |
CVE-2025-20014 | Critical | 9.8 | 2025-01-29 | mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker… |
CVE-2024-47138 | Critical | 9.8 | 2024-11-22 | The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. |
CVE-2024-45369 | High | 8.1 | 2024-11-22 | The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource. |
CVE-2024-50054 | High | 7.5 | 2024-11-22 | The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and… |