CVE-2023-29150
Published 2023-04-27
CVE-2023-29150: mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.
Priority: P3 · 53 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.75% (50.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myscada | mypro | <= 8.26.0 | — |
| myscada_technologies | myscada_mypro | <= 8.26.0 | — |
CISA ICS
mySCADA myPRO
cisa_ics·2023-04-06·CVSS 8.8
[HIGH] mySCADA myPRO
ICS Advisory
## mySCADA myPRO
Release Date: April 06, 2023
Alert Code: ICSA-23-096-06
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.9
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: mySCADA Technologies
- Equipment: mySCADA myPRO
- Vulnerabilities: OS Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an authenticated user to inject arbitrary operating system commands.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of myPRO HMI/SCADA systems are affected:
- myPRO: versions 8.26.0 and prior
## 3.2 VULNERABILITY OVERVIEW
3.2.1 OS COMMAND INJECTION CWE-78
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exp
GHSA
GHSA-q7w5-fm9c-g2g3: mySCADA myPRO versions 8
ghsa_unreviewed·2023-04-28
CVE-2023-29150 [HIGH] CWE-78 GHSA-q7w5-fm9c-g2g3: mySCADA myPRO versions 8
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-04-27