CVE-2021-43987
published 2021-12-23
CVE-2021-43987: An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which…
Priority P355 · critical · 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.18% (63.6th percentile)
An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myscada | mypro | <= 8.20.0 | — |
| myscada | mypro | All – 8.20.0 | — |
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
CISA ICS
mySCADA myPRO
cisa_ics·2021-12-21·CVSS 9.1
[CRITICAL] mySCADA myPRO
ICS Advisory
## mySCADA myPRO
Last Revised: December 21, 2021
Alert Code: ICSA-21-355-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: mySCADA
- Equipment: myPRO
- Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Use of Password Hash with Insufficient Computational Effort, Hidden Functionality, OS Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to completely compromise the products.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The followi
GHSA
GHSA-5jvw-w4j5-8wrq: An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8
ghsa_unreviewed·2021-12-24
CVE-2021-43987 [CRITICAL] CWE-912 GHSA-5jvw-w4j5-8wrq: An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8
An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-12-23