myscada

28 Oct 2017

[ICS] mySCADA myPRO Unquoted Search Path Vulnerability

Vendor: mySCADA
Equipment: myPRO
Vulnerability: Unquoted Search Path

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-255-01

CVE-ID
CVE-2017-12694

AFFECTED PRODUCTS
The following versions of myPRO, an HMI/SCADA management platform, are affected:

  • myPRO Versions 7.0.26 and prior.


IMPACT

Successful exploitation of this vulnerability may allow an authenticated, but non-privileged, local user to execute arbitrary code with elevated privileges.

Read on for details.

Read more