Arbitrary Command Injection in mySCADA myPRO Versions 8.20.0 and Prior

Arbitrary Command Injection in mySCADA myPRO Versions 8.20.0 and Prior

CVE-2021-43981 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.

Learn more about our Web Application Penetration Testing UK.