CVE-2023-28716
CVE-2023-28716

8.8HIGH

Key Information:

Vendor: Myscada Technologies
Status: Myscada Mypro
Vendor: CVE Published:; 27 April 2023

Summary

The mySCADA myPRO application versions up to 8.26.0 are susceptible to a command injection vulnerability that allows authenticated users to execute arbitrary operating system commands. This flaw could potentially lead to unauthorized access and manipulation of the system, making it critical for users to apply security updates and ensure that proper validation mechanisms are in place to mitigate these risks.

Affected Version(s)

mySCADA myPRO 0 <= 8.26.0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-0...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2023
Vulnerability Reserved
Apr 3, 2023