myscada 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥 and vendor risk csrf があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-25067 | mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. | [email protected] | 9.3 | 1.24% | 2025-02-13 | 2025-04-23 |
| CVE-2025-24865 | The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password. | [email protected] | 10.0 | 67.23% | 2025-02-13 | 2025-03-04 |
| CVE-2025-23411 | mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website. | [email protected] | 5.1 | 0.32% | 2025-02-13 | 2025-03-04 |
| CVE-2025-22896 | mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information. | [email protected] | 9.2 | 37.43% | 2025-02-13 | 2025-03-04 |
| CVE-2024-4708 | mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device. | [email protected] | 9.3 | 0.34% | 2024-07-02 | 2024-11-21 |
| CVE-2023-29169 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | [email protected] | 8.8 | 0.44% | 2023-04-27 | 2025-01-17 |
| CVE-2023-29150 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | [email protected] | 8.8 | 0.44% | 2023-04-27 | 2025-01-17 |
| CVE-2023-28716 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | [email protected] | 8.8 | 0.32% | 2023-04-27 | 2025-01-17 |
| CVE-2023-28400 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | [email protected] | 8.8 | 0.75% | 2023-04-27 | 2025-01-17 |
| CVE-2023-28384 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | [email protected] | 8.8 | 63.06% | 2023-04-27 | 2025-01-17 |
| CVE-2022-2234 | An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. | [email protected] | 9.9 | 0.36% | 2022-08-24 | 2024-11-21 |
| CVE-2021-33013 | mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information. | [email protected] | 8.2 | 0.15% | 2022-05-13 | 2024-11-21 |
| CVE-2021-33009 | mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system. | [email protected] | 7.5 | 0.24% | 2022-05-13 | 2024-11-21 |
| CVE-2021-33005 | mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. | [email protected] | 7.5 | 0.31% | 2022-05-13 | 2024-11-21 |
| CVE-2021-27505 | mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information. | [email protected] | 7.5 | 0.18% | 2022-05-13 | 2024-11-21 |
| CVE-2022-0999 | An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | [email protected] | 8.8 | 0.37% | 2022-04-11 | 2024-11-21 |
| CVE-2021-44453 | mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. | [email protected] | 10.0 | 0.29% | 2021-12-23 | 2024-11-21 |
| CVE-2021-43989 | mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. | [email protected] | 7.5 | 0.13% | 2021-12-23 | 2024-11-21 |
| CVE-2021-43987 | An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface. | [email protected] | 9.8 | 0.22% | 2021-12-23 | 2024-11-21 |
| CVE-2021-43985 | An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. | [email protected] | 9.1 | 0.20% | 2021-12-23 | 2024-11-21 |