PT-2023-2168 · Myscada · Myscada Mypro

Michael Heinzl · Published 2023-04-06 · Updated 2025-01-17 · CVE-2023-28400

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

mySCADA myPRO versions 8.26.0 and prior

Description

The issue exists because special elements used in operating system commands are not neutralized. This could allow a remote attacker to execute arbitrary commands: an authenticated user could exploit parameters to inject arbitrary operating system commands.

Recommendations

For mySCADA myPRO versions 8.26.0 and prior, consider restricting access to parameters that could be used to inject arbitrary operating system commands until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2023-01910
CVE-2023-28400

Affected Products

Myscada Mypro