Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.20.0 and Prior

Arbitrary Command Injection Vulnerability in mySCADA myPRO Versions 8.20.0 and Prior

CVE-2021-22657 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.

Learn more about our Api Penetration Testing.