Every CVE whose affected-product data names Myscada Mypro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2021-43984 — CVSS 10.0 (critical): mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary…
CVE-2021-44453 — CVSS 10.0 (critical): mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to…
CVE-2021-43981 — CVSS 10.0 (critical): mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system…
CVE-2021-22657 — CVSS 10.0 (critical): mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject…
CVE-2021-23198 — CVSS 10.0 (critical): mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary…
CVE-2025-24865 — CVSS 10.0 (critical): The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker…
CVE-2022-2234 — CVSS 9.9 (critical): An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.
CVE-2021-43987 — CVSS 9.8 (critical): An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web…
CVE-2025-25067 — CVSS 9.8 (critical): mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
CVE-2024-4708 — CVSS 9.8 (critical): mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
CVE-2018-11311 — CVSS 9.1 (critical): A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the…
CVE-2021-43985 — CVSS 9.1 (critical): An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.
CVE-2023-28716 — CVSS 8.8 (high): mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system…
CVE-2023-29169 — CVSS 8.8 (high): mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system…
CVE-2023-28400 — CVSS 8.8 (high): mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system…
CVE-2023-29150 — CVSS 8.8 (high): mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system…
CVE-2022-0999 — CVSS 8.8 (high): An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and…
CVE-2023-28384 — CVSS 8.8 (high): mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system…
CVE-2025-22896 — CVSS 8.6 (high): mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
CVE-2021-33013 — CVSS 8.2 (high): mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information.
CVE-2017-12730 — CVSS 7.8 (high): An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path…
CVE-2021-43989 — CVSS 7.5 (high): mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password…
CVE-2021-33009 — CVSS 7.5 (high): mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system.
CVE-2021-33005 — CVSS 7.5 (high): mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories.
CVE-2021-27505 — CVSS 7.5 (high): mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.
CVE-2025-23411 — CVSS 6.3 (medium): mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An…
CVE-2018-11517 — CVSS 5.3 (medium): mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to…