PT-2022-3889 · Myscada · Myscada Mypro

Michael Heinzl

Published

2022-04-11

Updated

2022-04-18

CVE-2022-0999

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions mySCADA myPRO versions 8.25.0 and prior

Description The issue is related to the lack of input data sanitization in the mySCADA myPRO system, which can be exploited by an authenticated user to inject arbitrary operating system commands. This could allow a remote attacker to execute arbitrary commands.

Recommendations For mySCADA myPRO versions 8.25.0 and prior, consider restricting access to parameters that can be misused for command injection until a patch is available. As a temporary workaround, avoid using parameters that can be exploited for arbitrary command execution in the affected system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2022-04698

CVE-2022-0999

Affected Products

Myscada Mypro

PT-2022-3889 · Myscada · Myscada Mypro

CVE-2022-0999

Weakness Enumeration

Related Identifiers

Affected Products

References · 5