Description
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
Exploits (1)
nomisec
WORKING POC
4 stars
by EmreOvunc · poc
https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure
References (2)
Core 2
Core References
Not Applicable x_refsource_misc
https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb
Exploit, Third Party Advisory x_refsource_misc
https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure
Scores
CVSS v3
5.3
EPSS
0.0343
EPSS Percentile
87.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
myscada/mypro
7.0
Published
May 28, 2018
Tracked Since
Feb 18, 2026