CVE-2018-11311

CRITICAL

mySCADA myPRO 7 - Use of Hard-coded Credentials in myscadagate.exe

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-11311. PoCs published by Emre ÖVÜNÇ, EmreOvunc.

AI-analyzed exploit summary This exploit leverages hardcoded FTP credentials in mySCADA myPRO v7 to authenticate without prior knowledge. The PoC provides direct access to the FTP service using the static username 'myscada' and password 'Vikuk63'.

Description

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.

Exploits (2)

exploitdb WORKING POC
by Emre ÖVÜNÇ · textremotehardware
https://www.exploit-db.com/exploits/48620

This exploit leverages hardcoded FTP credentials in mySCADA myPRO v7 to authenticate without prior knowledge. The PoC provides direct access to the FTP service using the static username 'myscada' and password 'Vikuk63'.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: mySCADA myPRO v7.0.45
No auth needed
Prerequisites: network access to the target FTP service on port 2121
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP 12 stars
by EmreOvunc · poc
https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password

This repository documents CVE-2018-11311, a hardcoded FTP credential vulnerability in mySCADA myPRO 7. The credentials (myscada:Vikuk63) allow unauthorized access to the FTP server running on port 2121.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: mySCADA myPRO 7
No auth needed
Prerequisites: Network access to port 2121
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mitigation, Technical Description, Third Party Advisory x_refsource_misc
https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf
Mitigation, Technical Description, Third Party Advisory x_refsource_misc
https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password
Mitigation, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44656/

Scores

CVSS v3 9.1
EPSS 0.1593
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-798
Status published
Products (1)
myscada/mypro 7.0
Published May 20, 2018
Tracked Since Feb 18, 2026