CVE-2022-2234

Name of the Vulnerable Software and Affected Versions mySCADA myPRO version 8.26.0

Description The issue is related to the lack of input data sanitization in the mySCADA myPRO system, which can be exploited by a remote attacker to execute arbitrary commands. An authenticated user of mySCADA myPRO may be able to modify parameters to run commands directly in the operating system.

Recommendations For mySCADA myPRO version 8.26.0, consider restricting access to the system to prevent authenticated users from modifying parameters that could lead to command execution in the operating system. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.