CVE-2018-11311

Опубликовано: 20 мая 2018

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Средний

Описание

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.

Ссылки

https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf
Mitigation
Technical Description
Third Party Advisory
https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password
Mitigation
Technical Description
Third Party Advisory
https://www.exploit-db.com/exploits/44656/
Mitigation
Third Party Advisory
VDB Entry
https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf
Mitigation
Technical Description
Third Party Advisory
https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password
Mitigation
Technical Description
Third Party Advisory
https://www.exploit-db.com/exploits/44656/
Mitigation
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:myscada:mypro:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.40714

Средний

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-p3gj-f53r-qh79