All the vulnerabilites related to mySCADA - myPRO
var-202112-2106
Vulnerability from variot
mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2106",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.20.0 and earlier"
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.6,
"vendor": "myscada",
"version": "\u003c=8.20.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102829"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017134"
},
{
"db": "NVD",
"id": "CVE-2021-44453"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2085"
}
],
"trust": 0.6
},
"cve": "CVE-2021-44453",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-44453",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-102829",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44453",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44453",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-44453",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44453",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-44453",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-44453",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-102829",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2085",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-44453",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102829"
},
{
"db": "VULMON",
"id": "CVE-2021-44453"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017134"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2085"
},
{
"db": "NVD",
"id": "CVE-2021-44453"
},
{
"db": "NVD",
"id": "CVE-2021-44453"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44453"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017134"
},
{
"db": "CNVD",
"id": "CNVD-2021-102829"
},
{
"db": "VULMON",
"id": "CVE-2021-44453"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44453",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-21-355-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU90153325",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017134",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-102829",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0075",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2085",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-44453",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102829"
},
{
"db": "VULMON",
"id": "CVE-2021-44453"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017134"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2085"
},
{
"db": "NVD",
"id": "CVE-2021-44453"
}
]
},
"id": "VAR-202112-2106",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102829"
}
],
"trust": 0.8894511199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102829"
}
]
},
"last_update_date": "2024-11-23T21:33:26.979000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "myPRO",
"trust": 0.8,
"url": "https://www.myscada.org/mypro/"
},
{
"title": "Patch for mySCADA myPRO OS Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/310811"
},
{
"title": "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175462"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102829"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017134"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2085"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017134"
},
{
"db": "NVD",
"id": "CVE-2021-44453"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44453"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90153325/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0075"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102829"
},
{
"db": "VULMON",
"id": "CVE-2021-44453"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017134"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2085"
},
{
"db": "NVD",
"id": "CVE-2021-44453"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102829"
},
{
"db": "VULMON",
"id": "CVE-2021-44453"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017134"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2085"
},
{
"db": "NVD",
"id": "CVE-2021-44453"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102829"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44453"
},
{
"date": "2023-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017134"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2085"
},
{
"date": "2021-12-23T20:15:11.883000",
"db": "NVD",
"id": "CVE-2021-44453"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102829"
},
{
"date": "2022-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44453"
},
{
"date": "2023-01-05T02:24:00",
"db": "JVNDB",
"id": "JVNDB-2021-017134"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2085"
},
{
"date": "2024-11-21T06:31:00.720000",
"db": "NVD",
"id": "CVE-2021-44453"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0myPRO\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017134"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2085"
}
],
"trust": 0.6
}
}
var-201805-0431
Vulnerability from variot
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. mySCADA myPRO Contains an information disclosure vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0431",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "eq",
"trust": 1.6,
"vendor": "myscada",
"version": "7.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": "7"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005480"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-909"
},
{
"db": "NVD",
"id": "CVE-2018-11517"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:myscada:mypro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005480"
}
]
},
"cve": "CVE-2018-11517",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-11517",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2018-11517",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-11517",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-11517",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-909",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005480"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-909"
},
{
"db": "NVD",
"id": "CVE-2018-11517"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0\u0026rq=0 requests to TCP port 11010. mySCADA myPRO Contains an information disclosure vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11517"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005480"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11517",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005480",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-909",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005480"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-909"
},
{
"db": "NVD",
"id": "CVE-2018-11517"
}
]
},
"id": "VAR-201805-0431",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-11-23T22:45:19.571000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "myPRO",
"trust": 0.8,
"url": "https://www.myscada.org/mypro/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005480"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005480"
},
{
"db": "NVD",
"id": "CVE-2018-11517"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://github.com/emreovunc/myscada-mypro-7-projectid-disclosure"
},
{
"trust": 1.6,
"url": "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11517"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11517"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005480"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-909"
},
{
"db": "NVD",
"id": "CVE-2018-11517"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005480"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-909"
},
{
"db": "NVD",
"id": "CVE-2018-11517"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005480"
},
{
"date": "2018-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-909"
},
{
"date": "2018-05-28T16:29:00.370000",
"db": "NVD",
"id": "CVE-2018-11517"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005480"
},
{
"date": "2018-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-909"
},
{
"date": "2024-11-21T03:43:32.153000",
"db": "NVD",
"id": "CVE-2018-11517"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-909"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005480"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-909"
}
],
"trust": 0.6
}
}
var-202112-1875
Vulnerability from variot
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1875",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.20.0 and earlier"
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.6,
"vendor": "myscada",
"version": "\u003c=8.20.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102828"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016602"
},
{
"db": "NVD",
"id": "CVE-2021-22657"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2084"
}
],
"trust": 0.6
},
"cve": "CVE-2021-22657",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-22657",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-102828",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22657",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-22657",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-22657",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-22657",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-22657",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-22657",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-102828",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2084",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-22657",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102828"
},
{
"db": "VULMON",
"id": "CVE-2021-22657"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016602"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2084"
},
{
"db": "NVD",
"id": "CVE-2021-22657"
},
{
"db": "NVD",
"id": "CVE-2021-22657"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-22657"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016602"
},
{
"db": "CNVD",
"id": "CNVD-2021-102828"
},
{
"db": "VULMON",
"id": "CVE-2021-22657"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-22657",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-21-355-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU90153325",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016602",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-102828",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0075",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2084",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-22657",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102828"
},
{
"db": "VULMON",
"id": "CVE-2021-22657"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016602"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2084"
},
{
"db": "NVD",
"id": "CVE-2021-22657"
}
]
},
"id": "VAR-202112-1875",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102828"
}
],
"trust": 0.8894511199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102828"
}
]
},
"last_update_date": "2024-08-14T13:22:57.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "myPRO",
"trust": 0.8,
"url": "https://www.myscada.org/mypro/"
},
{
"title": "Patch for mySCADA myPRO Operating System Command Injection Vulnerability (CNVD-2021-102828)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/310806"
},
{
"title": "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175461"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102828"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016602"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016602"
},
{
"db": "NVD",
"id": "CVE-2021-22657"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90153325/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-22657"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0075"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102828"
},
{
"db": "VULMON",
"id": "CVE-2021-22657"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016602"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2084"
},
{
"db": "NVD",
"id": "CVE-2021-22657"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102828"
},
{
"db": "VULMON",
"id": "CVE-2021-22657"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016602"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2084"
},
{
"db": "NVD",
"id": "CVE-2021-22657"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102828"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22657"
},
{
"date": "2022-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016602"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2084"
},
{
"date": "2021-12-23T20:15:08.987000",
"db": "NVD",
"id": "CVE-2021-22657"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102828"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-22657"
},
{
"date": "2022-12-19T04:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-016602"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2084"
},
{
"date": "2021-12-29T20:09:40.717000",
"db": "NVD",
"id": "CVE-2021-22657"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2084"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0myPRO\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016602"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2084"
}
],
"trust": 0.6
}
}
var-202112-1871
Vulnerability from variot
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. mySCADA myPRO contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system, mainly designed for the visualization and control of industrial processes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1871",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.20.0 and earlier"
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.6,
"vendor": "myscada",
"version": "\u003c=8.20.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102832"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016606"
},
{
"db": "NVD",
"id": "CVE-2021-43985"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2092"
}
],
"trust": 0.6
},
"cve": "CVE-2021-43985",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-43985",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-102832",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43985",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43985",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-43985",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43985",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-43985",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-43985",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-102832",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2092",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-43985",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102832"
},
{
"db": "VULMON",
"id": "CVE-2021-43985"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016606"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2092"
},
{
"db": "NVD",
"id": "CVE-2021-43985"
},
{
"db": "NVD",
"id": "CVE-2021-43985"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. mySCADA myPRO contains an authentication bypass vulnerability using alternate paths or channels.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system, mainly designed for the visualization and control of industrial processes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43985"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016606"
},
{
"db": "CNVD",
"id": "CNVD-2021-102832"
},
{
"db": "VULMON",
"id": "CVE-2021-43985"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43985",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-21-355-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU90153325",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016606",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-102832",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0075",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2092",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-43985",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102832"
},
{
"db": "VULMON",
"id": "CVE-2021-43985"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016606"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2092"
},
{
"db": "NVD",
"id": "CVE-2021-43985"
}
]
},
"id": "VAR-202112-1871",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102832"
}
],
"trust": 0.8894511199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102832"
}
]
},
"last_update_date": "2024-11-23T21:33:27.010000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "myPRO",
"trust": 0.8,
"url": "https://www.myscada.org/mypro/"
},
{
"title": "Patch for mySCADA myPRO authentication bypass vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/310831"
},
{
"title": "mySCADA myPRO Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175469"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102832"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016606"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2092"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-288",
"trust": 1.0
},
{
"problemtype": "Authentication Bypass Using Alternate Paths or Channels (CWE-288) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016606"
},
{
"db": "NVD",
"id": "CVE-2021-43985"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43985"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90153325/index.html"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0075"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/288.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102832"
},
{
"db": "VULMON",
"id": "CVE-2021-43985"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016606"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2092"
},
{
"db": "NVD",
"id": "CVE-2021-43985"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102832"
},
{
"db": "VULMON",
"id": "CVE-2021-43985"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016606"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2092"
},
{
"db": "NVD",
"id": "CVE-2021-43985"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102832"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43985"
},
{
"date": "2022-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016606"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2092"
},
{
"date": "2021-12-23T20:15:11.710000",
"db": "NVD",
"id": "CVE-2021-43985"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102832"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43985"
},
{
"date": "2022-12-19T04:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-016606"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2092"
},
{
"date": "2024-11-21T06:30:09.177000",
"db": "NVD",
"id": "CVE-2021-43985"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2092"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0myPRO\u00a0 Authentication Bypass Vulnerability Using Alternate Paths or Channels in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016606"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2092"
}
],
"trust": 0.6
}
}
var-202112-1872
Vulnerability from variot
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1872",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.20.0 and earlier"
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.6,
"vendor": "myscada",
"version": "\u003c=8.20.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102825"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016605"
},
{
"db": "NVD",
"id": "CVE-2021-43984"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2081"
}
],
"trust": 0.6
},
"cve": "CVE-2021-43984",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-43984",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-102825",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43984",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43984",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-43984",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43984",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-43984",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-43984",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-102825",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2081",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-43984",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102825"
},
{
"db": "VULMON",
"id": "CVE-2021-43984"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016605"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2081"
},
{
"db": "NVD",
"id": "CVE-2021-43984"
},
{
"db": "NVD",
"id": "CVE-2021-43984"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43984"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016605"
},
{
"db": "CNVD",
"id": "CNVD-2021-102825"
},
{
"db": "VULMON",
"id": "CVE-2021-43984"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43984",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-21-355-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU90153325",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016605",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-102825",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0075",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2081",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-43984",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102825"
},
{
"db": "VULMON",
"id": "CVE-2021-43984"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016605"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2081"
},
{
"db": "NVD",
"id": "CVE-2021-43984"
}
]
},
"id": "VAR-202112-1872",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102825"
}
],
"trust": 0.8894511199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102825"
}
]
},
"last_update_date": "2024-11-23T21:33:27.101000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "myPRO",
"trust": 0.8,
"url": "https://www.myscada.org/mypro/"
},
{
"title": "Patch for mySCADA myPRO Operating System Command Injection Vulnerability (CNVD-2021-102825)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/310786"
},
{
"title": "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175458"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102825"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016605"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016605"
},
{
"db": "NVD",
"id": "CVE-2021-43984"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43984"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90153325/index.html"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0075"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102825"
},
{
"db": "VULMON",
"id": "CVE-2021-43984"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016605"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2081"
},
{
"db": "NVD",
"id": "CVE-2021-43984"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102825"
},
{
"db": "VULMON",
"id": "CVE-2021-43984"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016605"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2081"
},
{
"db": "NVD",
"id": "CVE-2021-43984"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102825"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43984"
},
{
"date": "2022-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016605"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2081"
},
{
"date": "2021-12-23T20:15:11.650000",
"db": "NVD",
"id": "CVE-2021-43984"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102825"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43984"
},
{
"date": "2022-12-19T04:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-016605"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2081"
},
{
"date": "2024-11-21T06:30:08.980000",
"db": "NVD",
"id": "CVE-2021-43984"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0myPRO\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016605"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2081"
}
],
"trust": 0.6
}
}
var-202112-1873
Vulnerability from variot
mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1873",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.20.0 and earlier"
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.6,
"vendor": "myscada",
"version": "\u003c=8.20.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102826"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016604"
},
{
"db": "NVD",
"id": "CVE-2021-43981"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2082"
}
],
"trust": 0.6
},
"cve": "CVE-2021-43981",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-43981",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-102826",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43981",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43981",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-43981",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43981",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-43981",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-43981",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-102826",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2082",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-43981",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102826"
},
{
"db": "VULMON",
"id": "CVE-2021-43981"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016604"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2082"
},
{
"db": "NVD",
"id": "CVE-2021-43981"
},
{
"db": "NVD",
"id": "CVE-2021-43981"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43981"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016604"
},
{
"db": "CNVD",
"id": "CNVD-2021-102826"
},
{
"db": "VULMON",
"id": "CVE-2021-43981"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43981",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-21-355-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU90153325",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016604",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-102826",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0075",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2082",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-43981",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102826"
},
{
"db": "VULMON",
"id": "CVE-2021-43981"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016604"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2082"
},
{
"db": "NVD",
"id": "CVE-2021-43981"
}
]
},
"id": "VAR-202112-1873",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102826"
}
],
"trust": 0.8894511199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102826"
}
]
},
"last_update_date": "2024-11-23T21:33:27.071000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "myPRO",
"trust": 0.8,
"url": "https://www.myscada.org/mypro/"
},
{
"title": "Patch for mySCADA myPRO Operating System Command Injection Vulnerability (CNVD-2021-102826)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/310791"
},
{
"title": "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175459"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102826"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016604"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2082"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016604"
},
{
"db": "NVD",
"id": "CVE-2021-43981"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90153325/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43981"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0075"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102826"
},
{
"db": "VULMON",
"id": "CVE-2021-43981"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016604"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2082"
},
{
"db": "NVD",
"id": "CVE-2021-43981"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102826"
},
{
"db": "VULMON",
"id": "CVE-2021-43981"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016604"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2082"
},
{
"db": "NVD",
"id": "CVE-2021-43981"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102826"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43981"
},
{
"date": "2022-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016604"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2082"
},
{
"date": "2021-12-23T20:15:11.590000",
"db": "NVD",
"id": "CVE-2021-43981"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102826"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43981"
},
{
"date": "2022-12-19T04:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-016604"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2082"
},
{
"date": "2024-11-21T06:30:08.420000",
"db": "NVD",
"id": "CVE-2021-43981"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2082"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0myPRO\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016604"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2082"
}
],
"trust": 0.6
}
}
var-202112-1874
Vulnerability from variot
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1874",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.20.0 and earlier"
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.6,
"vendor": "myscada",
"version": "\u003c=8.20.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102827"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016603"
},
{
"db": "NVD",
"id": "CVE-2021-23198"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2083"
}
],
"trust": 0.6
},
"cve": "CVE-2021-23198",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-23198",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-102827",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-23198",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-23198",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-23198",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-23198",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-23198",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-23198",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-102827",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2083",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-23198",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102827"
},
{
"db": "VULMON",
"id": "CVE-2021-23198"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016603"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2083"
},
{
"db": "NVD",
"id": "CVE-2021-23198"
},
{
"db": "NVD",
"id": "CVE-2021-23198"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-23198"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016603"
},
{
"db": "CNVD",
"id": "CNVD-2021-102827"
},
{
"db": "VULMON",
"id": "CVE-2021-23198"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-23198",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-21-355-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU90153325",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016603",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-102827",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0075",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2083",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-23198",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102827"
},
{
"db": "VULMON",
"id": "CVE-2021-23198"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016603"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2083"
},
{
"db": "NVD",
"id": "CVE-2021-23198"
}
]
},
"id": "VAR-202112-1874",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102827"
}
],
"trust": 0.8894511199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102827"
}
]
},
"last_update_date": "2024-08-14T13:22:57.936000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "myPRO",
"trust": 0.8,
"url": "https://www.myscada.org/mypro/"
},
{
"title": "Patch for mySCADA myPRO Operating System Command Injection Vulnerability (CNVD-2021-102827)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/310801"
},
{
"title": "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175460"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102827"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016603"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2083"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016603"
},
{
"db": "NVD",
"id": "CVE-2021-23198"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90153325/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23198"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0075"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102827"
},
{
"db": "VULMON",
"id": "CVE-2021-23198"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016603"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2083"
},
{
"db": "NVD",
"id": "CVE-2021-23198"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102827"
},
{
"db": "VULMON",
"id": "CVE-2021-23198"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016603"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2083"
},
{
"db": "NVD",
"id": "CVE-2021-23198"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102827"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-23198"
},
{
"date": "2022-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016603"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2083"
},
{
"date": "2021-12-23T20:15:09.053000",
"db": "NVD",
"id": "CVE-2021-23198"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102827"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-23198"
},
{
"date": "2022-12-19T04:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-016603"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2083"
},
{
"date": "2021-12-29T20:07:49.577000",
"db": "NVD",
"id": "CVE-2021-23198"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2083"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0myPRO\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016603"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2083"
}
],
"trust": 0.6
}
}
var-202108-2251
Vulnerability from variot
mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-33005 It was * Sensitive directory listing information may be read by a remote attacker - CVE-2021-27505. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2251",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lt",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": "v8.20.0 all previous s"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "NVD",
"id": "CVE-2021-33009"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-516"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33009",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-33009",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33009",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-002267",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33009",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-33009",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002267",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-516",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-516"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33009"
},
{
"db": "NVD",
"id": "CVE-2021-33009"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-33005 It was * Sensitive directory listing information may be read by a remote attacker - CVE-2021-27505. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33009"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33009"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33009",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-217-03",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU94730303",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021080605",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2659",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-516",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33009",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33009"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-516"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33009"
}
]
},
"id": "VAR-202108-2251",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-08-14T12:55:37.884000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VERSION\u00a08.20.0\u00a0RELEASED",
"trust": 0.8,
"url": "https://www.myscada.org/version-8-20-0-released-security-update/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unlimited uploads of dangerous types of files (CWE-434) [ others ]",
"trust": 0.8
},
{
"problemtype": " Information disclosure through directory listings (CWE-548) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "NVD",
"id": "CVE-2021-33009"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"trust": 1.7,
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-03"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94730303"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27505"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33005"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33009"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33013"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080605"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33009/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2659"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/434.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33009"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-516"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33009"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-33009"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-516"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33009"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33009"
},
{
"date": "2021-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"date": "2021-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-516"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-13T16:15:08.017000",
"db": "NVD",
"id": "CVE-2021-33009"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33009"
},
{
"date": "2024-06-20T02:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"date": "2022-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-516"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-24T20:44:58.087000",
"db": "NVD",
"id": "CVE-2021-33009"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-516"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0 Made \u00a0myPRO\u00a0 Multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-516"
}
],
"trust": 0.6
}
}
var-202108-2252
Vulnerability from variot
mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-33005 It was * Sensitive directory listing information may be read by a remote attacker - CVE-2021-27505. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lt",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": "v8.20.0 all previous s"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "NVD",
"id": "CVE-2021-33005"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-512"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33005",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-33005",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33005",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-002267",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33005",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-33005",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002267",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-512",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33005"
},
{
"db": "NVD",
"id": "CVE-2021-33005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-33005 It was * Sensitive directory listing information may be read by a remote attacker - CVE-2021-27505. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33005"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33005"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33005",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-217-03",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU94730303",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021080605",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2659",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-512",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33005",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33005"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33005"
}
]
},
"id": "VAR-202108-2252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-08-14T12:56:39.861000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VERSION\u00a08.20.0\u00a0RELEASED",
"trust": 0.8,
"url": "https://www.myscada.org/version-8-20-0-released-security-update/"
},
{
"title": "mySCADA myPRO Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159496"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-512"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unlimited uploads of dangerous types of files (CWE-434) [ others ]",
"trust": 0.8
},
{
"problemtype": " Information disclosure through directory listings (CWE-548) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "NVD",
"id": "CVE-2021-33005"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"trust": 1.7,
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-03"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94730303"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27505"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33005"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33009"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33013"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33005/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080605"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2659"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33005"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-33005"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-512"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33005"
},
{
"date": "2021-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"date": "2021-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-512"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-13T16:15:07.950000",
"db": "NVD",
"id": "CVE-2021-33005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33005"
},
{
"date": "2024-06-20T02:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"date": "2022-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-512"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-24T20:41:52.433000",
"db": "NVD",
"id": "CVE-2021-33005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-512"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0 Made \u00a0myPRO\u00a0 Multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-512"
}
],
"trust": 0.6
}
}
var-202203-0931
Vulnerability from variot
An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0931",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.25.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0999"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2128"
}
],
"trust": 0.6
},
"cve": "CVE-2022-0999",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2022-0999",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-0999",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-0999",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-0999",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-2128",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-0999",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0999"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2128"
},
{
"db": "NVD",
"id": "CVE-2022-0999"
},
{
"db": "NVD",
"id": "CVE-2022-0999"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0999"
},
{
"db": "VULMON",
"id": "CVE-2022-0999"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-22-083-02",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2022-0999",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022032501",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1286",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2128",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-0999",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0999"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2128"
},
{
"db": "NVD",
"id": "CVE-2022-0999"
}
]
},
"id": "VAR-202203-0931",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-11-23T22:44:03.152000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "mySCADA myPRO Repair measures for operating system command injection vulnerability in operating system",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189772"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2128"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0999"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0999/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1286"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-083-02"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032501"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0999"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2128"
},
{
"db": "NVD",
"id": "CVE-2022-0999"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-0999"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-2128"
},
{
"db": "NVD",
"id": "CVE-2022-0999"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0999"
},
{
"date": "2022-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2128"
},
{
"date": "2022-04-11T20:15:16.737000",
"db": "NVD",
"id": "CVE-2022-0999"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-0999"
},
{
"date": "2022-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-2128"
},
{
"date": "2024-11-21T06:39:49.783000",
"db": "NVD",
"id": "CVE-2022-0999"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2128"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO Operating system operating system command injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2128"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-2128"
}
],
"trust": 0.6
}
}
var-202208-1819
Vulnerability from variot
An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. mySCADA Technologies Provided by the company myPRO The following vulnerabilities exist in. It was * Command injection (CWE-77) - CVE-2022-2234If the vulnerability is exploited, it may be affected as follows
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1819",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.26.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.26.0 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002341"
},
{
"db": "NVD",
"id": "CVE-2022-2234"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marlon Luis Petry reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3801"
}
],
"trust": 0.6
},
"cve": "CVE-2022-2234",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-2234",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.1,
"id": "CVE-2022-2234",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2234",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2234",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-2234",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-2234",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3801",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002341"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3801"
},
{
"db": "NVD",
"id": "CVE-2022-2234"
},
{
"db": "NVD",
"id": "CVE-2022-2234"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. mySCADA Technologies Provided by the company myPRO The following vulnerabilities exist in. It was * Command injection (CWE-77) - CVE-2022-2234If the vulnerability is exploited, it may be affected as follows",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2234"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002341"
},
{
"db": "VULMON",
"id": "CVE-2022-2234"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2234",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-22-235-03",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU92145197",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002341",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3801",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2234",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2234"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002341"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3801"
},
{
"db": "NVD",
"id": "CVE-2022-2234"
}
]
},
"id": "VAR-202208-1819",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-08-14T15:06:13.413000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DOWNLOADS",
"trust": 0.8,
"url": "https://www.myscada.org/download/#mypro"
},
{
"title": "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247287"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002341"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3801"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Command injection (CWE-77) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002341"
},
{
"db": "NVD",
"id": "CVE-2022-2234"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92145197/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2234"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-235-03"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2234/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2234"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002341"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3801"
},
{
"db": "NVD",
"id": "CVE-2022-2234"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-2234"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-002341"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3801"
},
{
"db": "NVD",
"id": "CVE-2022-2234"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2234"
},
{
"date": "2022-08-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-002341"
},
{
"date": "2022-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3801"
},
{
"date": "2022-08-24T16:15:11.797000",
"db": "NVD",
"id": "CVE-2022-2234"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2022-2234"
},
{
"date": "2024-06-13T09:18:00",
"db": "JVNDB",
"id": "JVNDB-2022-002341"
},
{
"date": "2023-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3801"
},
{
"date": "2023-07-24T13:07:21.177000",
"db": "NVD",
"id": "CVE-2022-2234"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3801"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0Technologies\u00a0 Made \u00a0myPRO\u00a0 Command injection vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-002341"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3801"
}
],
"trust": 0.6
}
}
var-202112-1870
Vulnerability from variot
An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. mySCADA myPRO contains an undocumented functionality vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1870",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.20.0 and earlier"
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.6,
"vendor": "myscada",
"version": "\u003c=8.20.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102830"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016607"
},
{
"db": "NVD",
"id": "CVE-2021-43987"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2086"
}
],
"trust": 0.6
},
"cve": "CVE-2021-43987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-43987",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-102830",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43987",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-016607",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43987",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-43987",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-43987",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-102830",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2086",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-43987",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102830"
},
{
"db": "VULMON",
"id": "CVE-2021-43987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016607"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2086"
},
{
"db": "NVD",
"id": "CVE-2021-43987"
},
{
"db": "NVD",
"id": "CVE-2021-43987"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. mySCADA myPRO contains an undocumented functionality vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016607"
},
{
"db": "CNVD",
"id": "CNVD-2021-102830"
},
{
"db": "VULMON",
"id": "CVE-2021-43987"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43987",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-21-355-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU90153325",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016607",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-102830",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0075",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2086",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-43987",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102830"
},
{
"db": "VULMON",
"id": "CVE-2021-43987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016607"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2086"
},
{
"db": "NVD",
"id": "CVE-2021-43987"
}
]
},
"id": "VAR-202112-1870",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102830"
}
],
"trust": 0.8894511199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102830"
}
]
},
"last_update_date": "2024-11-23T21:33:27.041000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "myPRO",
"trust": 0.8,
"url": "https://www.myscada.org/mypro/"
},
{
"title": "Patch for mySCADA myPRO has an unknown vulnerability (CNVD-2021-102830)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/310821"
},
{
"title": "mySCADA myPRO Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=175463"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102830"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016607"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2086"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-912",
"trust": 1.0
},
{
"problemtype": "Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016607"
},
{
"db": "NVD",
"id": "CVE-2021-43987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43987"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90153325/index.html"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0075"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/912.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102830"
},
{
"db": "VULMON",
"id": "CVE-2021-43987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016607"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2086"
},
{
"db": "NVD",
"id": "CVE-2021-43987"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102830"
},
{
"db": "VULMON",
"id": "CVE-2021-43987"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016607"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2086"
},
{
"db": "NVD",
"id": "CVE-2021-43987"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102830"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43987"
},
{
"date": "2022-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016607"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2086"
},
{
"date": "2021-12-23T20:15:11.767000",
"db": "NVD",
"id": "CVE-2021-43987"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102830"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43987"
},
{
"date": "2022-12-19T04:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-016607"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2086"
},
{
"date": "2024-11-21T06:30:09.503000",
"db": "NVD",
"id": "CVE-2021-43987"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0myPRO\u00a0 Vulnerabilities related to undisclosed functions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016607"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2086"
}
],
"trust": 0.6
}
}
var-202304-2125
Vulnerability from variot
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-2125",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.26.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": null,
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.26.0 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009258"
},
{
"db": "NVD",
"id": "CVE-2023-28400"
}
]
},
"cve": "CVE-2023-28400",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-28400",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-28400",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-28400",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-28400",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-2196",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009258"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2196"
},
{
"db": "NVD",
"id": "CVE-2023-28400"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28400"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009258"
},
{
"db": "VULMON",
"id": "CVE-2023-28400"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-28400",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-23-096-06",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU95525237",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009258",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2196",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-28400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28400"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009258"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2196"
},
{
"db": "NVD",
"id": "CVE-2023-28400"
}
]
},
"id": "VAR-202304-2125",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-08-14T13:20:47.335000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=236105"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2196"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009258"
},
{
"db": "NVD",
"id": "CVE-2023-28400"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95525237/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28400"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-28400/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28400"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009258"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2196"
},
{
"db": "NVD",
"id": "CVE-2023-28400"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-28400"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009258"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2196"
},
{
"db": "NVD",
"id": "CVE-2023-28400"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28400"
},
{
"date": "2023-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-009258"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2196"
},
{
"date": "2023-04-27T23:15:14.917000",
"db": "NVD",
"id": "CVE-2023-28400"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28400"
},
{
"date": "2023-12-05T04:10:00",
"db": "JVNDB",
"id": "JVNDB-2023-009258"
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2196"
},
{
"date": "2023-11-07T04:10:33.863000",
"db": "NVD",
"id": "CVE-2023-28400"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2196"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0Technologies\u00a0 of \u00a0myPRO\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009258"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2196"
}
],
"trust": 0.6
}
}
var-202304-2121
Vulnerability from variot
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-2121",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.26.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": null,
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.26.0 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009259"
},
{
"db": "NVD",
"id": "CVE-2023-28716"
}
]
},
"cve": "CVE-2023-28716",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-28716",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-28716",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-28716",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-28716",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-2205",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009259"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2205"
},
{
"db": "NVD",
"id": "CVE-2023-28716"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28716"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009259"
},
{
"db": "VULMON",
"id": "CVE-2023-28716"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-28716",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-23-096-06",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU95525237",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009259",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2205",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-28716",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28716"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009259"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2205"
},
{
"db": "NVD",
"id": "CVE-2023-28716"
}
]
},
"id": "VAR-202304-2121",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-08-14T13:20:47.360000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=236111"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009259"
},
{
"db": "NVD",
"id": "CVE-2023-28716"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95525237/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28716"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-28716/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28716"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009259"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2205"
},
{
"db": "NVD",
"id": "CVE-2023-28716"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-28716"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009259"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2205"
},
{
"db": "NVD",
"id": "CVE-2023-28716"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28716"
},
{
"date": "2023-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-009259"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2205"
},
{
"date": "2023-04-27T23:15:14.963000",
"db": "NVD",
"id": "CVE-2023-28716"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28716"
},
{
"date": "2023-12-05T04:10:00",
"db": "JVNDB",
"id": "JVNDB-2023-009259"
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2205"
},
{
"date": "2023-11-07T04:10:49.930000",
"db": "NVD",
"id": "CVE-2023-28716"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2205"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0Technologies\u00a0 of \u00a0myPRO\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009259"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2205"
}
],
"trust": 0.6
}
}
var-201805-0803
Vulnerability from variot
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. mySCADA myPRO Contains a vulnerability in the use of hard-coded credentials.Information may be obtained and information may be altered
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0803",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "eq",
"trust": 1.6,
"vendor": "myscada",
"version": "7.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": "7"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005338"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-635"
},
{
"db": "NVD",
"id": "CVE-2018-11311"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:myscada:mypro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005338"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emre ?V?N?",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-635"
}
],
"trust": 0.6
},
"cve": "CVE-2018-11311",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-11311",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-11311",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-11311",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-11311",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-635",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005338"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-635"
},
{
"db": "NVD",
"id": "CVE-2018-11311"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A hardcoded FTP username of myscada and password of Vikuk63 in \u0027myscadagate.exe\u0027 in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials. mySCADA myPRO Contains a vulnerability in the use of hard-coded credentials.Information may be obtained and information may be altered",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11311"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005338"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11311",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "44656",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005338",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "48620",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-635",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005338"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-635"
},
{
"db": "NVD",
"id": "CVE-2018-11311"
}
]
},
"id": "VAR-201805-0803",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-11-23T22:48:43.138000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "myPRO",
"trust": 0.8,
"url": "https://www.myscada.org/mypro/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005338"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005338"
},
{
"db": "NVD",
"id": "CVE-2018-11311"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://emreovunc.com/blog/en/myscada-mypro7-exploit.pdf"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/44656/"
},
{
"trust": 1.0,
"url": "https://github.com/emreovunc/myscada-mypro-7-hardcoded-ftp-username-and-password"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11311"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11311"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/48620"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005338"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-635"
},
{
"db": "NVD",
"id": "CVE-2018-11311"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005338"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-635"
},
{
"db": "NVD",
"id": "CVE-2018-11311"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005338"
},
{
"date": "2018-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-635"
},
{
"date": "2018-05-20T22:29:00.233000",
"db": "NVD",
"id": "CVE-2018-11311"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005338"
},
{
"date": "2020-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-635"
},
{
"date": "2024-11-21T03:43:06.870000",
"db": "NVD",
"id": "CVE-2018-11311"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-635"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005338"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-635"
}
],
"trust": 0.6
}
}
var-202304-2124
Vulnerability from variot
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-2124",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.26.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": null,
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.26.0 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009257"
},
{
"db": "NVD",
"id": "CVE-2023-28384"
}
]
},
"cve": "CVE-2023-28384",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-28384",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-28384",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-28384",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-28384",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-2203",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009257"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2203"
},
{
"db": "NVD",
"id": "CVE-2023-28384"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-28384"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009257"
},
{
"db": "VULMON",
"id": "CVE-2023-28384"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-28384",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-23-096-06",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU95525237",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009257",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2203",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-28384",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28384"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009257"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2203"
},
{
"db": "NVD",
"id": "CVE-2023-28384"
}
]
},
"id": "VAR-202304-2124",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-08-14T13:20:47.411000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=236110"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2203"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009257"
},
{
"db": "NVD",
"id": "CVE-2023-28384"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-28384"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95525237/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-28384/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-28384"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009257"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2203"
},
{
"db": "NVD",
"id": "CVE-2023-28384"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-28384"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009257"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2203"
},
{
"db": "NVD",
"id": "CVE-2023-28384"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28384"
},
{
"date": "2023-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-009257"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2203"
},
{
"date": "2023-04-27T23:15:14.867000",
"db": "NVD",
"id": "CVE-2023-28384"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2023-28384"
},
{
"date": "2023-12-05T04:10:00",
"db": "JVNDB",
"id": "JVNDB-2023-009257"
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2203"
},
{
"date": "2023-11-07T04:10:32.950000",
"db": "NVD",
"id": "CVE-2023-28384"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2203"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0Technologies\u00a0 of \u00a0myPRO\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009257"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2203"
}
],
"trust": 0.6
}
}
var-201710-1116
Vulnerability from variot
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges. mySCADA myPRO Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. myPRO is an HMI/SCADA system for the visualization and control of industrial processes. mySCADA myPRO is prone to a local privilege-escalation vulnerability. mySCADA myPRO Versions 7.0.26 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1116",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.8,
"vendor": "myscada",
"version": "7.0.26"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.9,
"vendor": "myscada",
"version": "7.0.26"
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.6,
"vendor": "myscada",
"version": "\u003c=7.0.26"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.3,
"vendor": "myscada",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mypro",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "98037459-60aa-4d28-ad7c-d0eb6becd959"
},
{
"db": "CNVD",
"id": "CNVD-2017-26426"
},
{
"db": "BID",
"id": "100815"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009274"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-873"
},
{
"db": "NVD",
"id": "CVE-2017-12730"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:myscada:mypro",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009274"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen.",
"sources": [
{
"db": "BID",
"id": "100815"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-873"
}
],
"trust": 0.9
},
"cve": "CVE-2017-12730",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-12730",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-26426",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "98037459-60aa-4d28-ad7c-d0eb6becd959",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-12730",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12730",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-12730",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-26426",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-873",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "98037459-60aa-4d28-ad7c-d0eb6becd959",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "98037459-60aa-4d28-ad7c-d0eb6becd959"
},
{
"db": "CNVD",
"id": "CNVD-2017-26426"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009274"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-873"
},
{
"db": "NVD",
"id": "CVE-2017-12730"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges. mySCADA myPRO Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. myPRO is an HMI/SCADA system for the visualization and control of industrial processes. mySCADA myPRO is prone to a local privilege-escalation vulnerability. \nmySCADA myPRO Versions 7.0.26 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12730"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009274"
},
{
"db": "CNVD",
"id": "CNVD-2017-26426"
},
{
"db": "BID",
"id": "100815"
},
{
"db": "IVD",
"id": "98037459-60aa-4d28-ad7c-d0eb6becd959"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12730",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-255-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100815",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-26426",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-873",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009274",
"trust": 0.8
},
{
"db": "IVD",
"id": "98037459-60AA-4D28-AD7C-D0EB6BECD959",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "98037459-60aa-4d28-ad7c-d0eb6becd959"
},
{
"db": "CNVD",
"id": "CNVD-2017-26426"
},
{
"db": "BID",
"id": "100815"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009274"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-873"
},
{
"db": "NVD",
"id": "CVE-2017-12730"
}
]
},
"id": "VAR-201710-1116",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "98037459-60aa-4d28-ad7c-d0eb6becd959"
},
{
"db": "CNVD",
"id": "CNVD-2017-26426"
}
],
"trust": 1.08945112
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "98037459-60aa-4d28-ad7c-d0eb6becd959"
},
{
"db": "CNVD",
"id": "CNVD-2017-26426"
}
]
},
"last_update_date": "2024-11-23T22:17:46.925000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "myPRO",
"trust": 0.8,
"url": "https://www.myscada.org/mypro/"
},
{
"title": "Patch for mySCADA myPRO privilege escalation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/102111"
},
{
"title": "mySCADA myPRO Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74978"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26426"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009274"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-873"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-428",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009274"
},
{
"db": "NVD",
"id": "CVE-2017-12730"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-255-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100815"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12730"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12730"
},
{
"trust": 0.3,
"url": "https://www.myscada.org/mypro/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-26426"
},
{
"db": "BID",
"id": "100815"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009274"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-873"
},
{
"db": "NVD",
"id": "CVE-2017-12730"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "98037459-60aa-4d28-ad7c-d0eb6becd959"
},
{
"db": "CNVD",
"id": "CNVD-2017-26426"
},
{
"db": "BID",
"id": "100815"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009274"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-873"
},
{
"db": "NVD",
"id": "CVE-2017-12730"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-13T00:00:00",
"db": "IVD",
"id": "98037459-60aa-4d28-ad7c-d0eb6becd959"
},
{
"date": "2017-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26426"
},
{
"date": "2017-09-12T00:00:00",
"db": "BID",
"id": "100815"
},
{
"date": "2017-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009274"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-873"
},
{
"date": "2017-10-06T04:29:00.217000",
"db": "NVD",
"id": "CVE-2017-12730"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-26426"
},
{
"date": "2017-09-12T00:00:00",
"db": "BID",
"id": "100815"
},
{
"date": "2017-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009274"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-873"
},
{
"date": "2024-11-21T03:10:06.643000",
"db": "NVD",
"id": "CVE-2017-12730"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "100815"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-873"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO Vulnerabilities related to unquoted search paths or elements",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-009274"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "98037459-60aa-4d28-ad7c-d0eb6becd959"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-873"
}
],
"trust": 0.8
}
}
var-202304-2122
Vulnerability from variot
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-2122",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.26.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": null,
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.26.0 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009260"
},
{
"db": "NVD",
"id": "CVE-2023-29150"
}
]
},
"cve": "CVE-2023-29150",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-29150",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-29150",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-29150",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-29150",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-2200",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009260"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2200"
},
{
"db": "NVD",
"id": "CVE-2023-29150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-29150"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009260"
},
{
"db": "VULMON",
"id": "CVE-2023-29150"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-29150",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-23-096-06",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU95525237",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009260",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2200",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-29150",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-29150"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009260"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2200"
},
{
"db": "NVD",
"id": "CVE-2023-29150"
}
]
},
"id": "VAR-202304-2122",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-08-14T13:20:47.435000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=236108"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2200"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009260"
},
{
"db": "NVD",
"id": "CVE-2023-29150"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95525237/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-29150"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-29150/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-29150"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009260"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2200"
},
{
"db": "NVD",
"id": "CVE-2023-29150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-29150"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009260"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2200"
},
{
"db": "NVD",
"id": "CVE-2023-29150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2023-29150"
},
{
"date": "2023-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-009260"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2200"
},
{
"date": "2023-04-27T23:15:15.007000",
"db": "NVD",
"id": "CVE-2023-29150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2023-29150"
},
{
"date": "2023-12-05T04:10:00",
"db": "JVNDB",
"id": "JVNDB-2023-009260"
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2200"
},
{
"date": "2023-11-07T04:11:05.567000",
"db": "NVD",
"id": "CVE-2023-29150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2200"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0Technologies\u00a0 of \u00a0myPRO\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009260"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2200"
}
],
"trust": 0.6
}
}
var-202304-2123
Vulnerability from variot
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-2123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.26.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": null,
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.26.0 and earlier"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009261"
},
{
"db": "NVD",
"id": "CVE-2023-29169"
}
]
},
"cve": "CVE-2023-29169",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2023-29169",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-29169",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-29169",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-29169",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-2199",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009261"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2199"
},
{
"db": "NVD",
"id": "CVE-2023-29169"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-29169"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009261"
},
{
"db": "VULMON",
"id": "CVE-2023-29169"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-29169",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-23-096-06",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU95525237",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009261",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2199",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-29169",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-29169"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009261"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2199"
},
{
"db": "NVD",
"id": "CVE-2023-29169"
}
]
},
"id": "VAR-202304-2123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-08-14T13:20:47.386000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "mySCADA myPRO Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=236107"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2199"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009261"
},
{
"db": "NVD",
"id": "CVE-2023-29169"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95525237/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-29169"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-29169/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-29169"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009261"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2199"
},
{
"db": "NVD",
"id": "CVE-2023-29169"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-29169"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-009261"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-2199"
},
{
"db": "NVD",
"id": "CVE-2023-29169"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-27T00:00:00",
"db": "VULMON",
"id": "CVE-2023-29169"
},
{
"date": "2023-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-009261"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2199"
},
{
"date": "2023-04-27T23:15:15.050000",
"db": "NVD",
"id": "CVE-2023-29169"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2023-29169"
},
{
"date": "2023-12-05T04:10:00",
"db": "JVNDB",
"id": "JVNDB-2023-009261"
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-2199"
},
{
"date": "2023-11-07T04:11:05.927000",
"db": "NVD",
"id": "CVE-2023-29169"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2199"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0Technologies\u00a0 of \u00a0myPRO\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-009261"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-2199"
}
],
"trust": 0.6
}
}
var-202108-2253
Vulnerability from variot
mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. It was * Sensitive system information may be read by a remote third party - CVE-2021-33013 It was * Arbitrary files can be uploaded to the file system by an unauthenticated remote attacker. - CVE-2021-33009 It was * Arbitrary files can be uploaded to any directory by an unauthenticated remote attacker. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2253",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lt",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": "v8.20.0 all previous s"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "NVD",
"id": "CVE-2021-27505"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-488"
}
],
"trust": 0.6
},
"cve": "CVE-2021-27505",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27505",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27505",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002267",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27505",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-27505",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-002267",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-488",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-488"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-27505"
},
{
"db": "NVD",
"id": "CVE-2021-27505"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. It was * Sensitive system information may be read by a remote third party - CVE-2021-33013 It was * Arbitrary files can be uploaded to the file system by an unauthenticated remote attacker. - CVE-2021-33009 It was * Arbitrary files can be uploaded to any directory by an unauthenticated remote attacker. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27505"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-27505"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27505",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-217-03",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU94730303",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021080605",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2659",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-488",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-27505",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-27505"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-488"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-27505"
}
]
},
"id": "VAR-202108-2253",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-08-14T12:46:35.386000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VERSION\u00a08.20.0\u00a0RELEASED",
"trust": 0.8,
"url": "https://www.myscada.org/version-8-20-0-released-security-update/"
},
{
"title": "mySCADA myPro Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159495"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-488"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-548",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unlimited uploads of dangerous types of files (CWE-434) [ others ]",
"trust": 0.8
},
{
"problemtype": " Information disclosure through directory listings (CWE-548) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "NVD",
"id": "CVE-2021-27505"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"trust": 1.7,
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-03"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94730303"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27505"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33005"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33009"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33013"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080605"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-27505/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2659"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/548.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-27505"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-488"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-27505"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-27505"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-488"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-27505"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27505"
},
{
"date": "2021-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"date": "2021-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-488"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-13T16:15:07.877000",
"db": "NVD",
"id": "CVE-2021-27505"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27505"
},
{
"date": "2024-06-20T02:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"date": "2022-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-488"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-24T20:41:07.180000",
"db": "NVD",
"id": "CVE-2021-27505"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-488"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0 Made \u00a0myPRO\u00a0 Multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-488"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 1.2
}
}
var-202112-1869
Vulnerability from variot
mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. mySCADA myPRO contains a vulnerability related to the use of insufficiently strong password hashes.Information may be obtained. mySCADA myPRO is an HMI/SCADA system, mainly designed for visualization and control of industrial processes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1869",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lte",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.8,
"vendor": "myscada",
"version": "8.20.0 and earlier"
},
{
"model": "mypro",
"scope": "lte",
"trust": 0.6,
"vendor": "myscada",
"version": "\u003c=8.20.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102831"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016608"
},
{
"db": "NVD",
"id": "CVE-2021-43989"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2087"
}
],
"trust": 0.6
},
"cve": "CVE-2021-43989",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-43989",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-102831",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-43989",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-016608",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-43989",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-43989",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-43989",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-102831",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2087",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-43989",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102831"
},
{
"db": "VULMON",
"id": "CVE-2021-43989"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016608"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2087"
},
{
"db": "NVD",
"id": "CVE-2021-43989"
},
{
"db": "NVD",
"id": "CVE-2021-43989"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. mySCADA myPRO contains a vulnerability related to the use of insufficiently strong password hashes.Information may be obtained. mySCADA myPRO is an HMI/SCADA system, mainly designed for visualization and control of industrial processes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-43989"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016608"
},
{
"db": "CNVD",
"id": "CNVD-2021-102831"
},
{
"db": "VULMON",
"id": "CVE-2021-43989"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-43989",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-21-355-01",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU90153325",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016608",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-102831",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0075",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2087",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-43989",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102831"
},
{
"db": "VULMON",
"id": "CVE-2021-43989"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016608"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2087"
},
{
"db": "NVD",
"id": "CVE-2021-43989"
}
]
},
"id": "VAR-202112-1869",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102831"
}
],
"trust": 0.8894511199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102831"
}
]
},
"last_update_date": "2024-11-23T21:33:26.947000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "myPRO",
"trust": 0.8,
"url": "https://www.myscada.org/mypro/"
},
{
"title": "Patch for MySCADA myPRO has unspecified vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/310826"
},
{
"title": "mySCADA myPRO Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=176051"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102831"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016608"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.0
},
{
"problemtype": "CWE-916",
"trust": 1.0
},
{
"problemtype": "Use of weak password hashes (CWE-916) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016608"
},
{
"db": "NVD",
"id": "CVE-2021-43989"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-43989"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90153325/index.html"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0075"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/916.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102831"
},
{
"db": "VULMON",
"id": "CVE-2021-43989"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016608"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2087"
},
{
"db": "NVD",
"id": "CVE-2021-43989"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102831"
},
{
"db": "VULMON",
"id": "CVE-2021-43989"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016608"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2087"
},
{
"db": "NVD",
"id": "CVE-2021-43989"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102831"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43989"
},
{
"date": "2022-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016608"
},
{
"date": "2021-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2087"
},
{
"date": "2021-12-23T20:15:11.827000",
"db": "NVD",
"id": "CVE-2021-43989"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102831"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-43989"
},
{
"date": "2022-12-19T04:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-016608"
},
{
"date": "2023-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2087"
},
{
"date": "2024-11-21T06:30:09.797000",
"db": "NVD",
"id": "CVE-2021-43989"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0myPRO\u00a0 Vulnerability related to the use of insufficiently strong password hashes in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016608"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2087"
}
],
"trust": 0.6
}
}
var-202407-0046
Vulnerability from variot
mySCADA myPRO
uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. Authentication is not required to exploit this vulnerability.The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the use of hard-coded credentials. mySCADA myPRO is an application software. myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202407-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lt",
"trust": 1.6,
"vendor": "myscada",
"version": "8.31.0"
},
{
"model": "mypro",
"scope": null,
"trust": 0.7,
"vendor": "myscada",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1226"
},
{
"db": "CNVD",
"id": "CNVD-2024-46410"
},
{
"db": "NVD",
"id": "CVE-2024-4708"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nassim Asrir",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1226"
}
],
"trust": 0.7
},
"cve": "CVE-2024-4708",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-46410",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-4708",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2024-4708",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-4708",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2024-4708",
"trust": 1.0,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2024-4708",
"trust": 0.7,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2024-46410",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1226"
},
{
"db": "CNVD",
"id": "CNVD-2024-46410"
},
{
"db": "NVD",
"id": "CVE-2024-4708"
},
{
"db": "NVD",
"id": "CVE-2024-4708"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO \n\nuses a hard-coded password which could allow an attacker to remotely execute code on the affected device. Authentication is not required to exploit this vulnerability.The specific flaw exists within the telnet service, which listens on TCP port 5005 by default. The issue results from the use of hard-coded credentials. mySCADA myPRO is an application software. myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-4708"
},
{
"db": "ZDI",
"id": "ZDI-24-1226"
},
{
"db": "CNVD",
"id": "CNVD-2024-46410"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-4708",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-24-184-02",
"trust": 1.6
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-23546",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-1226",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2024-46410",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1226"
},
{
"db": "CNVD",
"id": "CNVD-2024-46410"
},
{
"db": "NVD",
"id": "CVE-2024-4708"
}
]
},
"id": "VAR-202407-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46410"
}
],
"trust": 0.8894511199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-46410"
}
]
},
"last_update_date": "2024-11-29T23:04:10.837000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "mySCADA has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02"
},
{
"title": "Patch for mySCADA myPRO Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/634291"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1226"
},
{
"db": "CNVD",
"id": "CNVD-2024-46410"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-259",
"trust": 1.0
},
{
"problemtype": "CWE-798",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-4708"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02"
},
{
"trust": 1.0,
"url": "https://www.myscada.org/mypro/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1226"
},
{
"db": "CNVD",
"id": "CNVD-2024-46410"
},
{
"db": "NVD",
"id": "CVE-2024-4708"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1226"
},
{
"db": "CNVD",
"id": "CNVD-2024-46410"
},
{
"db": "NVD",
"id": "CVE-2024-4708"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-13T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1226"
},
{
"date": "2024-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46410"
},
{
"date": "2024-07-02T23:15:10.860000",
"db": "NVD",
"id": "CVE-2024-4708"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-13T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1226"
},
{
"date": "2024-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-46410"
},
{
"date": "2024-08-29T19:31:56.517000",
"db": "NVD",
"id": "CVE-2024-4708"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO Hard-Coded Credentials Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1226"
}
],
"trust": 0.7
}
}
var-202108-2250
Vulnerability from variot
mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. It was * Sensitive system information may be read by a remote third party - CVE-2021-33013 It was * Arbitrary files can be uploaded to the file system by an unauthenticated remote attacker. - CVE-2021-33009 It was * Arbitrary files can be uploaded to any directory by an unauthenticated remote attacker. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2250",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lt",
"trust": 1.0,
"vendor": "myscada",
"version": "8.20.0"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": "v8.20.0 all previous s"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "NVD",
"id": "CVE-2021-33013"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Heinzl reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-519"
}
],
"trust": 0.6
},
"cve": "CVE-2021-33013",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-33013",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33013",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-33013",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-002267",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-33013",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2021-33013",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-33013",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-519",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-519"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33013"
},
{
"db": "NVD",
"id": "CVE-2021-33013"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. mySCADA Provided by the company myPRO contains multiple vulnerabilities: * Inadequate access control ( CWE-284 ) - CVE-2021-33013 It was * Unlimited uploads of dangerous file types ( CWE-434 ) - CVE-2021-33009 It was * Path Traversal ( CWE-22 ) - CVE-2021-33005 It was * Information leakage due to disclosure of directory information ( CWE-548 ) - CVE-2021-27505The expected impact depends on each vulnerability, but it may be affected as follows. It was * Sensitive system information may be read by a remote third party - CVE-2021-33013 It was * Arbitrary files can be uploaded to the file system by an unauthenticated remote attacker. - CVE-2021-33009 It was * Arbitrary files can be uploaded to any directory by an unauthenticated remote attacker. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33013"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULMON",
"id": "CVE-2021-33013"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33013",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-217-03",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU94730303",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.2659",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021080605",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-519",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33013",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33013"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-519"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33013"
}
]
},
"id": "VAR-202108-2250",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.28945112
},
"last_update_date": "2024-08-14T13:03:11.334000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VERSION\u00a08.20.0\u00a0RELEASED",
"trust": 0.8,
"url": "https://www.myscada.org/version-8-20-0-released-security-update/"
},
{
"title": "mySCADA myPRO Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=159497"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-519"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unlimited uploads of dangerous types of files (CWE-434) [ others ]",
"trust": 0.8
},
{
"problemtype": " Information disclosure through directory listings (CWE-548) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "NVD",
"id": "CVE-2021-33013"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"trust": 1.7,
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-217-03"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu94730303"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27505"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33005"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33009"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33013"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021080605"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-33013/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2659"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-33013"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-519"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33013"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2021-33013"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-519"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "NVD",
"id": "CVE-2021-33013"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33013"
},
{
"date": "2021-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"date": "2021-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-519"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-05-13T16:15:08.083000",
"db": "NVD",
"id": "CVE-2021-33013"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-33013"
},
{
"date": "2024-06-20T02:08:00",
"db": "JVNDB",
"id": "JVNDB-2021-002267"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-519"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-10-27T11:56:13.777000",
"db": "NVD",
"id": "CVE-2021-33013"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-519"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0 Made \u00a0myPRO\u00a0 Multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002267"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-519"
}
],
"trust": 0.6
}
}
cve-2023-28716
Vulnerability from cvelistv5
Published
2023-04-27 22:11
Modified
2024-08-02 13:43
Severity ?
EPSS score ?
Summary
CVE-2023-28716
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | mySCADA Technologies | mySCADA myPRO |
Version: 0 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:43:23.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mySCADA myPRO",
"vendor": "mySCADA Technologies",
"versions": [
{
"lessThanOrEqual": "8.26.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78 OS Command Injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T22:11:48.603Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-28716",
"x_generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-28716"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-28716",
"datePublished": "2023-04-27T22:11:48.603Z",
"dateReserved": "2023-04-03T21:34:49.136Z",
"dateUpdated": "2024-08-02T13:43:23.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28400
Vulnerability from cvelistv5
Published
2023-04-27 22:18
Modified
2024-08-02 12:38
Severity ?
EPSS score ?
Summary
CVE-2023-28400
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | mySCADA Technologies | mySCADA myPRO |
Version: 0 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mySCADA myPRO",
"vendor": "mySCADA Technologies",
"versions": [
{
"lessThanOrEqual": "8.26.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78 OS Command Injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T22:18:43.429Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-28400",
"x_generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-28400"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-28400",
"datePublished": "2023-04-27T22:18:43.429Z",
"dateReserved": "2023-04-03T21:34:49.140Z",
"dateUpdated": "2024-08-02T12:38:25.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11517
Vulnerability from cvelistv5
Published
2018-05-28 16:00
Modified
2024-09-16 23:46
Severity ?
EPSS score ?
Summary
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb | x_refsource_MISC | |
| https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:10:14.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0\u0026rq=0 requests to TCP port 11010."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-28T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0\u0026rq=0 requests to TCP port 11010."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb",
"refsource": "MISC",
"url": "https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb"
},
{
"name": "https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure",
"refsource": "MISC",
"url": "https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11517",
"datePublished": "2018-05-28T16:00:00Z",
"dateReserved": "2018-05-28T00:00:00Z",
"dateUpdated": "2024-09-16T23:46:56.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43984
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
mySCADA myPRO
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThanOrEqual": "8.20.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:37",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
},
"title": "mySCADA myPRO",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
"ID": "CVE-2021-43984",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43984",
"datePublished": "2021-12-23T19:48:37.725013Z",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-09-16T23:30:31.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-23198
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 16:23
Severity ?
EPSS score ?
Summary
mySCADA myPRO
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThanOrEqual": "8.20.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:35",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
},
"title": "mySCADA myPRO",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
"ID": "CVE-2021-23198",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-23198",
"datePublished": "2021-12-23T19:48:35.400986Z",
"dateReserved": "2021-12-03T00:00:00",
"dateUpdated": "2024-09-16T16:23:34.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44453
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-17 01:46
Severity ?
EPSS score ?
Summary
mySCADA myPRO
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThanOrEqual": "8.20.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:38",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
},
"title": "mySCADA myPRO",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
"ID": "CVE-2021-44453",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-44453",
"datePublished": "2021-12-23T19:48:38.488413Z",
"dateReserved": "2021-11-30T00:00:00",
"dateUpdated": "2024-09-17T01:46:17.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43989
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 19:56
Severity ?
EPSS score ?
Summary
mySCADA myPRO
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThanOrEqual": "8.20.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-916",
"description": "CWE-916 Use of Password Hash With Insufficient Computational Effort",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:39",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
},
"title": "mySCADA myPRO",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
"ID": "CVE-2021-43989",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-916 Use of Password Hash With Insufficient Computational Effort"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43989",
"datePublished": "2021-12-23T19:48:39.913930Z",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-09-16T19:56:02.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22657
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
mySCADA myPRO
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:05.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThanOrEqual": "8.20.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:36",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
},
"title": "mySCADA myPRO",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
"ID": "CVE-2021-22657",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-22657",
"datePublished": "2021-12-23T19:48:36.843123Z",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-09-17T00:21:11.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29169
Vulnerability from cvelistv5
Published
2023-04-27 22:03
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
CVE-2023-29169
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | mySCADA Technologies | mySCADA myPRO |
Version: 0 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:16.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mySCADA myPRO",
"vendor": "mySCADA Technologies",
"versions": [
{
"lessThanOrEqual": "8.26.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78 OS Command Injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T22:03:30.341Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-29169",
"x_generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-29169"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-29169",
"datePublished": "2023-04-27T22:03:30.341Z",
"dateReserved": "2023-04-03T21:34:49.125Z",
"dateUpdated": "2024-08-02T14:00:16.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27505
Vulnerability from cvelistv5
Published
2022-05-13 15:17
Modified
2024-09-16 22:46
Severity ?
EPSS score ?
Summary
mySCADA myPRO Exposure of Information Through Directory Listing
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03 | x_refsource_MISC | |
| https://www.myscada.org/version-8-20-0-released-security-update | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThan": "8.20.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-548",
"description": "CWE-548: Exposure of Information Through Directory Listing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-13T15:17:59",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users apply update v8.20.0 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "mySCADA myPRO Exposure of Information Through Directory Listing",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-08-05T21:32:00.000Z",
"ID": "CVE-2021-27505",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO Exposure of Information Through Directory Listing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-548: Exposure of Information Through Directory Listing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"name": "https://www.myscada.org/version-8-20-0-released-security-update",
"refsource": "CONFIRM",
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users apply update v8.20.0 or later."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27505",
"datePublished": "2022-05-13T15:17:59.788340Z",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-09-16T22:46:04.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33013
Vulnerability from cvelistv5
Published
2022-05-13 15:19
Modified
2024-09-16 22:21
Severity ?
EPSS score ?
Summary
mySCADA myPRO Improper Access Control
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03 | x_refsource_MISC | |
| https://www.myscada.org/version-8-20-0-released-security-update | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThan": "8.20.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-13T15:19:35",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users apply update v8.20.0 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "mySCADA myPRO Improper Access Control",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-08-05T21:32:00.000Z",
"ID": "CVE-2021-33013",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO Improper Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"name": "https://www.myscada.org/version-8-20-0-released-security-update",
"refsource": "CONFIRM",
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users apply update v8.20.0 or later."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-33013",
"datePublished": "2022-05-13T15:19:35.805770Z",
"dateReserved": "2021-05-13T00:00:00",
"dateUpdated": "2024-09-16T22:21:16.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-12730
Vulnerability from cvelistv5
Published
2017-10-06 04:00
Modified
2024-08-05 18:43
Severity ?
EPSS score ?
Summary
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/100815 | vdb-entry, x_refsource_BID | |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | mySCADA myPRO |
Version: mySCADA myPRO |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100815"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mySCADA myPRO",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "mySCADA myPRO"
}
]
}
],
"datePublic": "2017-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100815"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-12730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mySCADA myPRO",
"version": {
"version_data": [
{
"version_value": "mySCADA myPRO"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100815"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-12730",
"datePublished": "2017-10-06T04:00:00",
"dateReserved": "2017-08-09T00:00:00",
"dateUpdated": "2024-08-05T18:43:56.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43987
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 23:35
Severity ?
EPSS score ?
Summary
mySCADA myPRO
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThanOrEqual": "8.20.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-912",
"description": "CWE-912 Hidden Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:36",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
},
"title": "mySCADA myPRO",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
"ID": "CVE-2021-43987",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-912 Hidden Functionality"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43987",
"datePublished": "2021-12-23T19:48:36.147646Z",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-09-16T23:35:29.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-4708
Vulnerability from cvelistv5
Published
2024-07-02 23:06
Modified
2024-08-01 20:47
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
mySCADA myPRO Use of Hard-coded Password
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:myscada:mypro:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mypro",
"vendor": "myscada",
"versions": [
{
"lessThan": "8.31.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T20:10:12.733058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T21:23:04.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:47:41.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.myscada.org/mypro/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThan": "8.31.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nassim Asrir working with Trend Micro Zero Day Initiative reported this vulnerability to CISA."
}
],
"datePublic": "2024-07-02T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "mySCADA myPRO \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003euses a hard-coded password which could allow an attacker to remotely execute code on the affected device.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "mySCADA myPRO \n\nuses a hard-coded password which could allow an attacker to remotely execute code on the affected device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259 Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:56:09.695Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02"
},
{
"url": "https://www.myscada.org/mypro/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emySCADA recommends updating myPRO to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.myscada.org/mypro/\"\u003ev8.31.0\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "mySCADA recommends updating myPRO to v8.31.0 https://www.myscada.org/mypro/ ."
}
],
"source": {
"advisory": "ICSA-24-184-02",
"discovery": "EXTERNAL"
},
"title": "mySCADA myPRO Use of Hard-coded Password",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-4708",
"datePublished": "2024-07-02T23:06:21.045Z",
"dateReserved": "2024-05-09T20:45:17.755Z",
"dateUpdated": "2024-08-01T20:47:41.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29150
Vulnerability from cvelistv5
Published
2023-04-27 22:01
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
CVE-2023-29150
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | mySCADA Technologies | mySCADA myPRO |
Version: 0 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:15.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mySCADA myPRO",
"vendor": "mySCADA Technologies",
"versions": [
{
"lessThanOrEqual": "8.26.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. "
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78 OS Command Injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T22:01:29.958Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-29150",
"x_generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-29150"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-29150",
"datePublished": "2023-04-27T22:01:29.958Z",
"dateReserved": "2023-04-03T21:34:49.120Z",
"dateUpdated": "2024-08-02T14:00:15.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43985
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 17:14
Severity ?
EPSS score ?
Summary
mySCADA myPRO
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThanOrEqual": "8.20.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:40",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
},
"title": "mySCADA myPRO",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
"ID": "CVE-2021-43985",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43985",
"datePublished": "2021-12-23T19:48:40.631051Z",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-09-16T17:14:15.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33005
Vulnerability from cvelistv5
Published
2022-05-13 15:18
Modified
2024-09-17 00:32
Severity ?
EPSS score ?
Summary
mySCADA myPRO Path Traversal
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03 | x_refsource_MISC | |
| https://www.myscada.org/version-8-20-0-released-security-update | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThan": "8.20.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-13T15:18:39",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users apply update v8.20.0 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "mySCADA myPRO Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-08-05T21:32:00.000Z",
"ID": "CVE-2021-33005",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO Path Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"name": "https://www.myscada.org/version-8-20-0-released-security-update",
"refsource": "CONFIRM",
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users apply update v8.20.0 or later."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-33005",
"datePublished": "2022-05-13T15:18:40.002621Z",
"dateReserved": "2021-05-13T00:00:00",
"dateUpdated": "2024-09-17T00:32:14.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33009
Vulnerability from cvelistv5
Published
2022-05-13 15:19
Modified
2024-09-17 03:23
Severity ?
EPSS score ?
Summary
mySCADA myPRO Unrestricted Upload of File with Dangerous Type
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03 | x_refsource_MISC | |
| https://www.myscada.org/version-8-20-0-released-security-update | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThan": "8.20.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"datePublic": "2021-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-13T15:19:06",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users apply update v8.20.0 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "mySCADA myPRO Unrestricted Upload of File with Dangerous Type",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-08-05T21:32:00.000Z",
"ID": "CVE-2021-33009",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO Unrestricted Upload of File with Dangerous Type"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-217-03"
},
{
"name": "https://www.myscada.org/version-8-20-0-released-security-update",
"refsource": "CONFIRM",
"url": "https://www.myscada.org/version-8-20-0-released-security-update"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users apply update v8.20.0 or later."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-33009",
"datePublished": "2022-05-13T15:19:06.387653Z",
"dateReserved": "2021-05-13T00:00:00",
"dateUpdated": "2024-09-17T03:23:47.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28384
Vulnerability from cvelistv5
Published
2023-04-27 22:09
Modified
2024-08-02 12:38
Severity ?
EPSS score ?
Summary
CVE-2023-28384
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | mySCADA Technologies | mySCADA myPRO |
Version: 0 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mySCADA myPRO",
"vendor": "mySCADA Technologies",
"versions": [
{
"lessThanOrEqual": "8.26.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78 OS Command Injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-27T22:09:56.434Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2023-28384",
"x_generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-28384"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-28384",
"datePublished": "2023-04-27T22:09:56.434Z",
"dateReserved": "2023-04-03T21:34:49.132Z",
"dateUpdated": "2024-08-02T12:38:25.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-0999
Vulnerability from cvelistv5
Published
2022-04-11 19:38
Modified
2024-08-02 23:47
Severity ?
EPSS score ?
Summary
mySCADA myPRO Command Injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThanOrEqual": "8.25.0",
"status": "affected",
"version": "5.59",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:38:30",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to version 8.26 or higher. For more information, contact mySCADA technical support. mySCADA will also send security advice by email to all registered users.\n"
}
],
"source": {
"advisory": "ICSA-22-083-02",
"discovery": "EXTERNAL"
},
"title": "mySCADA myPRO Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2022-0999",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.59",
"version_value": "8.25.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Heinzl reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77: Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-083-02"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to version 8.26 or higher. For more information, contact mySCADA technical support. mySCADA will also send security advice by email to all registered users.\n"
}
],
"source": {
"advisory": "ICSA-22-083-02",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-0999",
"datePublished": "2022-04-11T19:38:30",
"dateReserved": "2022-03-16T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43981
Vulnerability from cvelistv5
Published
2021-12-23 19:48
Modified
2024-09-16 20:12
Severity ?
EPSS score ?
Summary
mySCADA myPRO
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "myPRO",
"vendor": "mySCADA",
"versions": [
{
"lessThanOrEqual": "8.20.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T19:48:39",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
},
"title": "mySCADA myPRO",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-12-21T17:26:00.000Z",
"ID": "CVE-2021-43981",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "All",
"version_value": "8.20.0"
}
]
}
}
]
},
"vendor_name": "mySCADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to Version 8.22.0 or higher. For more information, contact mySCADA technical support."
}
],
"source": {
"advisory": "ICSA-21-355-01",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43981",
"datePublished": "2021-12-23T19:48:39.215460Z",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-09-16T20:12:37.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11311
Vulnerability from cvelistv5
Published
2018-05-20 22:00
Modified
2024-08-05 08:01
Severity ?
EPSS score ?
Summary
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf | x_refsource_MISC | |
| https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/44656/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:01:52.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password"
},
{
"name": "44656",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44656/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A hardcoded FTP username of myscada and password of Vikuk63 in \u0027myscadagate.exe\u0027 in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-22T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password"
},
{
"name": "44656",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44656/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hardcoded FTP username of myscada and password of Vikuk63 in \u0027myscadagate.exe\u0027 in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf",
"refsource": "MISC",
"url": "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf"
},
{
"name": "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password",
"refsource": "MISC",
"url": "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password"
},
{
"name": "44656",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44656/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11311",
"datePublished": "2018-05-20T22:00:00",
"dateReserved": "2018-05-19T00:00:00",
"dateUpdated": "2024-08-05T08:01:52.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2234
Vulnerability from cvelistv5
Published
2022-08-24 15:15
Modified
2024-09-16 22:14
Severity ?
EPSS score ?
Summary
mySCADA myPRO Command Injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | mySCADA Technologies | mySCADA myPRO |
Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mySCADA myPRO",
"vendor": "mySCADA Technologies",
"versions": [
{
"lessThanOrEqual": "8.26.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marlon Luis Petry reported this vulnerability to CISA."
}
],
"datePublic": "2022-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T15:15:48",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03"
}
],
"solutions": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to version 8.27.0 or higher. For more information, contact mySCADA technical support. mySCADA will also send security advice by email to all registered users."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "mySCADA myPRO Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-08-23T20:17:00.000Z",
"ID": "CVE-2022-2234",
"STATE": "PUBLIC",
"TITLE": "mySCADA myPRO Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mySCADA myPRO",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.26.0"
}
]
}
}
]
},
"vendor_name": "mySCADA Technologies"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Marlon Luis Petry reported this vulnerability to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03",
"refsource": "CONFIRM",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-235-03"
}
]
},
"solution": [
{
"lang": "en",
"value": "mySCADA recommends users upgrade to version 8.27.0 or higher. For more information, contact mySCADA technical support. mySCADA will also send security advice by email to all registered users."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2234",
"datePublished": "2022-08-24T15:15:48.755685Z",
"dateReserved": "2022-06-27T00:00:00",
"dateUpdated": "2024-09-16T22:14:46.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}