SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-815543588] mySCADA myPRO

Date: 2017-09-12
Type: Other
Platform: mySCADA
Author: Karn Ganeshen reported this vulnerability to ICS-CERT.
EDB-ID: N/A
CVE-ID: CVE-2017-12730
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# mySCADA myPRO
#


### VULNERABLE VENDOR
mySCADA


### VULNERABLE PRODUCT
myPRO



### RESEARCHER
Karn Ganeshen reported this vulnerability to ICS-CERT.



### AFFECTED PRODUCTS

The following versions of myPRO, an HMI/SCADA management platform, are affected:

myPRO Versions 7.0.26 and prior.



### IMPACT

Successful exploitation of this vulnerability may allow an authenticated, but nonprivileged, local user to execute arbitrary code with elevated privileges.



### VULNERABILITY OVERVIEW

UNQUOTED SEARCH PATH OR ELEMENT CWE-428
Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
CVE-2017-12730 has been assigned to this vulnerability.
A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
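
The following audit sketch is an added example, not part of the original advisory or of mySCADA's code. It flags Windows service ImagePath values that are unquoted and contain spaces (the CWE-428 condition) and lists the ambiguous locations to review for unexpected executables and loose directory permissions; the service names and paths are constructed placeholders, not the real myPRO values.

```python
import re

# Constructed sample data: service name -> ImagePath value as stored under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>. Names and paths are hypothetical.
SAMPLE_SERVICES = {
    "ExampleHmiSvc": r"C:\Program Files\Example Vendor\HMI Server\svc.exe -k run",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\agent.exe" --service',
    "NoSpaceSvc": r"C:\Tools\agent.exe /s",
    "SystemSvc": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
}

EXE_END = re.compile(r"\.exe\b", re.IGNORECASE)


def executable_part(image_path):
    """Return the command line up to and including the first '.exe', or None."""
    match = EXE_END.search(image_path)
    return image_path[: match.end()] if match else None


def is_unquoted_with_spaces(image_path):
    """True when the executable path has a space and is not wrapped in quotes."""
    path = image_path.strip()
    if path.startswith('"'):
        return False
    exe = executable_part(path)
    return exe is not None and " " in exe


def ambiguous_prefixes(image_path):
    """Locations Windows may resolve before the intended binary, because an
    unquoted command line is split at each space (documented CreateProcess
    behaviour). These are the places to audit."""
    parts = executable_part(image_path.strip()).split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def audit(services):
    """Map each affected service name to the locations that need review."""
    return {
        name: ambiguous_prefixes(path)
        for name, path in services.items()
        if is_unquoted_with_spaces(path)
    }


if __name__ == "__main__":
    for name, locations in audit(SAMPLE_SERVICES).items():
        print(name, "-> review:", locations)
```

On a real host, feed `audit()` the ImagePath values exported from the registry; wrapping the executable path in double quotes clears a finding.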





### BACKGROUND

Critical Infrastructure Sectors: Energy, Food and Agriculture, Transportation Systems, and Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Czech Republic




### MITIGATION

mySCADA has released new versions that address the identified vulnerability. mySCADA recommends that users update to the latest version, which can be found at this location:

https://www.myscada.org/download/