Filtered by vendor Myscada Subscriptions
Filtered by product Mypro Manager Subscriptions

Search

Switch to Advanced Search (Beta)
Total 7 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-20061 1 Myscada 1 Mypro Manager 2025-02-12 9.8 Critical
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.
CVE-2025-20014 1 Myscada 1 Mypro Manager 2025-01-29 9.8 Critical
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.
CVE-2024-50054 1 Myscada 2 Mypro Manager, Mypro Runtime 2024-11-26 7.5 High
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.
CVE-2024-47138 1 Myscada 2 Mypro Manager, Mypro Runtime 2024-11-26 9.8 Critical
The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.
CVE-2024-45369 1 Myscada 2 Mypro Manager, Mypro Runtime 2024-11-26 8.1 High
The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource.
CVE-2024-47407 1 Myscada 2 Mypro Manager, Mypro Runtime 2024-11-25 10 Critical
A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
CVE-2024-52034 1 Myscada 2 Mypro Manager, Mypro Runtime 2024-11-25 10 Critical
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.