An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMyscada Mypro
APPMyscada≤ 8.20.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-25067CRITICAL9.3PL ✓ten sam produkt
Command Injection w mySCADA myPRO Manager — zdalne wykonanie poleceń OS
CVE-2025-24865CRITICAL10.0PL ✓ten sam produkt
Brak uwierzytelnienia w panelu administracyjnym mySCADA myPRO Manager
CVE-2025-22896CRITICAL9.2PL ✓ten sam produkt
mySCADA myPRO Manager — przechowywanie poświadczeń w postaci jawnej (cleartext)
CVE-2024-4708CRITICAL9.3PL ✓ten sam produkt
mySCADA myPRO — hardcoded password umożliwiający zdalne wykonanie kodu
CVE-2022-2234CRITICAL9.9ten sam produkt
An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the op...