CVE-2017-12730
published 2017-10-06CVE-2017-12730: An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which…
PriorityP338high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
0.73%
49.7th percentile
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myscada | mypro | <= 7.0.26 | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m2x6-rrgv-9p5h: An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7
ghsa_unreviewed·2022-05-13
CVE-2017-12730 [HIGH] CWE-428 GHSA-m2x6-rrgv-9p5h: An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
CISA ICS
mySCADA myPRO
cisa_ics·2017-09-12
mySCADA myPRO
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
mySCADA myPRO
Last RevisedSeptember 12, 2017
Alert CodeICSA-17-255-01
## CVSS v3 7.8
ATTENTION: Low skill level to exploit. Public exploits are available.
Vendor: mySCADA
Equipment: myPRO
Vulnerability: Unquoted Search Path
## AFFECTED PRODUCTS
The following versions of myPRO, an HMI/SCADA management platform, are affected:
- myPRO Versions 7.0.26 and prior.
## IMPACT
Successful exploitation of this vulnerability may allow an authenticated, but nonprivileged, local user to execute arbitrary code with elevated privileges.
## MITIGATION
mySCADA has released new versions
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-10-06
Published