PT-2018-10473 · Myscada · Myscada Mypro
Emreovunc · Published 2018-05-20 · Updated 2018-06-26 · CVE-2018-11311
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
mySCADA myPRO version 7
Description
The issue allows remote attackers to access the FTP server on port 2121, upload files, or list directories by using a hardcoded FTP username and password. The hardcoded credentials are username set to 'myscada' and password set to 'Vikuk63' in the 'myscadagate.exe' file.
Recommendations
For mySCADA myPRO version 7, consider changing the hardcoded FTP credentials to secure ones, and restrict access to the FTP server on port 2121 until a patch is available. As a temporary workaround, restrict the use of the 'myscadagate.exe' file to minimize the risk of exploitation.
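One way to apply the "restrict access to the FTP server on port 2121" recommendation on the Windows host running myPRO, as an added example that is not part of the advisory or vendor guidance. It assumes no remote system legitimately needs this FTP service; the rule name is hypothetical.

```powershell
# Added example (not vendor code). Run in an elevated PowerShell session on the myPRO host.
$Port     = 2121
$RuleName = 'Block inbound FTP 2121 (CVE-2018-11311)'   # hypothetical rule name

# True when a firewall LocalPort spec ('Any', '2121', '2000-3000', ...) covers $Port.
function Test-PortMatch([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -match '^\d+$' -and [int]$s -eq $Port) { return $true }
    }
    return $false
}

# 1. Is anything listening on the port, and which binary owns it?
$listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    '{0}:{1} is served by PID {2} ({3})' -f $l.LocalAddress, $l.LocalPort, $l.OwningProcess, $proc.Path
}
if ($listeners.Count -eq 0) { "Nothing is listening on TCP $Port." }

# 2. List enabled inbound allow rules that currently expose the port.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    if ($pf.Protocol -in 'TCP', 'Any' -and (Test-PortMatch $pf.LocalPort $Port)) {
        $app = $_ | Get-NetFirewallApplicationFilter
        'Allow rule "{0}" covers TCP {1} (program: {2})' -f $_.DisplayName, $Port, $app.Program
    }
}

# 3. Add a block rule once. Block rules take precedence over allow rules.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Any | Out-Null
    "Created firewall rule: $RuleName"
}
```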
Using Hardcoded Credentials
Affected Products
Myscada Mypro