Rewterz Threat Advisory – Multiple WordPress Plugin Vulnerabilities
April 7, 2023
Rewterz Threat Alert – MAKOP Ransomware – Active IOCs
April 7, 2023
Severity
High
Analysis Summary
CVE-2023-28400 CVSS:9.9
mySCADA myPRO allows a remote authenticated attacker to execute arbitrary commands on the system because of a command injection flaw in certain parameters. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
CVE-2023-28716 CVSS:9.9
mySCADA myPRO allows a remote authenticated attacker to execute arbitrary commands on the system because of a command injection flaw in certain parameters. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
CVE-2023-28384 CVSS:9.9
mySCADA myPRO allows a remote authenticated attacker to execute arbitrary commands on the system because of a command injection flaw in certain parameters. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
CVE-2023-29169 CVSS:9.9
mySCADA myPRO allows a remote authenticated attacker to execute arbitrary commands on the system because of a command injection flaw in certain parameters. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
CVE-2023-29150 CVSS:9.9
mySCADA myPRO allows a remote authenticated attacker to execute arbitrary commands on the system because of a command injection flaw in certain parameters. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary OS commands on the system.
Impact
- Command Execution
Indicators Of Compromise
CVE
- CVE-2023-29017
Affected Vendors
mySCADA
Affected Products
- mySCADA myPRO 8.26.0
Remediation
Upgrade to the latest version of mySCADA myPRO, available from the mySCADA website.