CVE-2021-23198 | mySCADA myPRO: Versions 8.20.0 and prior has a feature where… | CVSS 10.0 CRITICAL

Description

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.

Metadata

CVE ID: CVE-2021-23198
State: PUBLISHED
Assigner: icscert
Reserved: 2021-12-03 00:00 UTC
Published: 2021-12-23 19:48 UTC
Last updated: 2024-09-16 16:23 UTC
Primary CWE: CWE-78
CWE-78 OS Command Injection
Vendor / Product: mySCADA / myPRO
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
mySCADA	myPRO	—	All ≤ 8.20.0

Weakness (CWE)

CWE	Source	Description
CWE-78	cna	CWE-78 OS Command Injection

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (1)

https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01