Description
An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-01
Scores
CVSS v3
9.8
EPSS
0.0118
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-912
Status
published
Products (1)
myscada/mypro
< 8.20.0
Published
Dec 23, 2021
Tracked Since
Feb 18, 2026