CVE-2021-43985
Published 2021-12-23
CVE-2021-43985: An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.
Priority P2 · 65 · critical · 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.55% (72.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myscada | mypro | <= 8.20.0 | — |
| myscada | mypro | All – 8.20.0 | — |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
CISA ICS
mySCADA myPRO
cisa_ics·2021-12-21·CVSS 9.1
[CRITICAL] mySCADA myPRO
ICS Advisory
## mySCADA myPRO
Last Revised: December 21, 2021
Alert Code: ICSA-21-355-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: mySCADA
- Equipment: myPRO
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Use of Password Hash with Insufficient Computational Effort, Hidden Functionality, OS Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to completely compromise the products.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The followi
GHSA
GHSA-qv9f-35vh-j998: An unauthenticated remote attacker can access mySCADA myPRO Versions 8
ghsa_unreviewed·2021-12-24
CVE-2021-43985 [CRITICAL] CWE-288 GHSA-qv9f-35vh-j998: An unauthenticated remote attacker can access mySCADA myPRO Versions 8
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-12-23: Published