CVE-2021-27505
published 2022-05-13CVE-2021-27505: mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.
PriorityP341high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.96%
57.0th percentile
mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myscada | mypro | < 8.20.0 | 8.20.0 |
| myscada | mypro | >= unspecified < 8.20.0 | 8.20.0 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5crv-26fx-6c29: mySCADA myPRO versions prior to 8
ghsa_unreviewed·2022-05-14
CVE-2021-27505 [HIGH] CWE-548 GHSA-5crv-26fx-6c29: mySCADA myPRO versions prior to 8
mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.
CISA ICS
mySCADA myPRO
cisa_ics·2021-08-05·CVSS 7.5
[HIGH] mySCADA myPRO
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
mySCADA myPRO
Last RevisedAugust 05, 2021
Alert CodeICSA-21-217-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 X8.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: mySCADA
- Equipment: myPRO
- Vulnerabilities: Improper Access Control, Unrestricted Upload of File with Dangerous Type, Path Traversal, Exposure of Information Through Directory Listing
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow unauthorized users the ability to access sensitive information and upload arbitrary files.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODU
No detection rules found.
No public exploits indexed.
Greynoiseio
NoiseLetter March 2026
blogs_greynoiseio
NoiseLetter March 2026
Events, events… and yes, even more events. 🌍 GreyNoise has been on the move. March kept us busy with stops at eCrimes in London and SecIT in Hanover—but we’re just getting started. Over the next few months, we’ll be hitting the road for CrowdStrike CrowdTours across eight cities, heading to Glasgow to speak and sponsor CyberUK, and making our way to Tampa for H-ISAC. If you’ll be at any of these (or nearby), we’d love to connect.
And while we’ve been racking up miles, we haven’t slowed down on the research front. We’ve just released some exciting new findings—with even more coming in the next few weeks—so keep an eye out.
Thanks, as always, for being part of the GreyNoise community.
Featured
About this new report
Every enterprise firewall processes traffic from residential IP space. T
Greynoiseio
NoiseLetter January 2025
blogs_greynoiseio
NoiseLetter January 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
2022-05-13
Published