CVE-2021-22657

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0290%

EPSS Percentile15.56th

PublishedDec 23, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.

Affected Platforms (CPE)

📦

Myscada

Mypro

<= 8.20.0

References & Advisories

🔗 https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01

Related Vulnerabilities

CVE-2021-4398110.0

mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating s...

CVE-2021-4445310.0

mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attack...

CVE-2021-2319810.0

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject ...

CVE-2021-4398410.0

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject ar...