CVE-2023-28716: OS Command Injection
First published: Thu Apr 27 2023(Updated: )
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| mySCADA myPRO | <=8.26.0 | |
| mySCADA Technologies myPRO: versions 8.26.0 and prior |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the mySCADA myPRO vulnerability?
The vulnerability ID for the mySCADA myPRO vulnerability is CVE-2023-28716.
What is the severity of CVE-2023-28716?
The severity of CVE-2023-28716 is high with a severity value of 8.8.
What is the affected software for CVE-2023-28716?
The affected software for CVE-2023-28716 is mySCADA myPRO versions 8.26.0 and prior.
How can an authenticated user exploit CVE-2023-28716?
An authenticated user can exploit CVE-2023-28716 by injecting arbitrary operating system commands through certain parameters.
Is there a fix available for CVE-2023-28716?
It is advised to update mySCADA myPRO to version 8.26.1 or later to mitigate CVE-2023-28716.
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/event
- vendor/myscada
- canonical/myscada mypro
- version/myscada mypro/8.26.0
- vendor/myscada technologies
- canonical/myscada technologies mypro: versions 8.26.0 and prior