Description
An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100815
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01
Scores
CVSS v3
7.8
EPSS
0.0073
EPSS Percentile
49.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-428
Status
published
Products (2)
myscada/mypro
< 7.0.26
n/a/mySCADA myPRO
mySCADA myPRO
Published
Oct 06, 2017
Tracked Since
Feb 18, 2026