CVE-2018-11311
published 2018-05-20

Priority: P274 · critical · 9.1 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:N
EXPLOIT
EPSS: 15.93% (96.5th percentile)
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.

Affected

1 range
Vendor | Product | Version range | Fixed in
myscada | mypro | |

Detection & IOCs (extracted from sources)

filename: myscadagate.exe
port: 2121
other: username: myscada
other: password: Vikuk63
command: ftp [IP] 2121
  • Monitor for FTP authentication attempts on non-standard port 2121 using the hardcoded username 'myscada' and password 'Vikuk63'. Any successful or attempted login with these credentials is a strong indicator of exploitation or scanning activity targeting CVE-2018-11311.
  • Detect the presence of 'myscadagate.exe' on hosts and flag any FTP server process bound to port 2121 originating from this binary, as it contains the hardcoded credentials enabling unauthorized remote access.
  • Alert on FTP file upload or directory listing activity on port 2121 from external/untrusted IP addresses, as exploitation allows attackers to upload files or list directories after authenticating with hardcoded credentials.
  • The hardcoded credentials are embedded in the binary 'myscadagate.exe' and cannot be changed through normal configuration; patching or upgrading beyond v7.0.45 is required to remediate. Detection rules should account for the fact that these credentials are static and will always be 'myscada'/'Vikuk63'.
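
The monitoring and alerting items above can be combined into one pass over FTP command events. This is an added example, not code from the advisory or the vendor. The event schema (src, dport, cmd, arg, reply), the trusted network range and the sample events are constructed assumptions.

```python
import ipaddress
import json

# Port and username come from the advisory; the trusted range is an assumption.
FTP_PORT, HARDCODED_USER = 2121, "myscada"
WATCHED_COMMANDS = {"STOR", "LIST", "NLST"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample events. The field names (src, dport, cmd, arg, reply) are a
# hypothetical normalized schema, not the output of any specific sensor.
SAMPLE_EVENTS = """\
{"src": "10.0.5.20", "dport": 2121, "cmd": "USER", "arg": "operator", "reply": 331}
{"src": "203.0.113.7", "dport": 2121, "cmd": "USER", "arg": "myscada", "reply": 331}
{"src": "203.0.113.7", "dport": 2121, "cmd": "PASS", "arg": "<redacted>", "reply": 230}
{"src": "203.0.113.7", "dport": 2121, "cmd": "LIST", "arg": "/", "reply": 226}
{"src": "203.0.113.7", "dport": 2121, "cmd": "STOR", "arg": "a.bin", "reply": 226}
{"src": "10.0.5.20", "dport": 2121, "cmd": "LIST", "arg": "/", "reply": 226}
{"src": "198.51.100.9", "dport": 21, "cmd": "USER", "arg": "myscada", "reply": 530}
"""

def is_external(ip):
    """True when the source is outside every trusted network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in TRUSTED_NETS)

def detect(lines):
    """Return (rule, src, detail) alerts for FTP events on port 2121."""
    alerts, last_user = [], {}
    for ev in map(json.loads, filter(str.strip, lines)):
        if ev["dport"] != FTP_PORT:
            continue
        src, cmd = ev["src"], ev["cmd"].upper()
        if cmd == "USER":
            last_user[src] = ev["arg"]  # remember who this source claims to be
            if ev["arg"] == HARDCODED_USER:
                alerts.append(("hardcoded-user-attempt", src, ev["arg"]))
        elif cmd == "PASS":
            # 230 is the FTP "user logged in" reply code
            if last_user.get(src) == HARDCODED_USER and ev["reply"] == 230:
                alerts.append(("hardcoded-user-login-ok", src, HARDCODED_USER))
        elif cmd in WATCHED_COMMANDS and is_external(src):
            alerts.append(("external-ftp-activity", src, f"{cmd} {ev['arg']}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The username match fires for any source, trusted or not, because the credentials are static; only the upload and listing rule is scoped to untrusted addresses.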

CVSS provenance

nvd | v3.0 | 9.1 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N