CVE-2018-11517

Published: May 28, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.

Affected (1)

Products: Myscada: Mypro

Myscada

1 product

Mypro

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Myscada Mypro	Version 7.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb

Source: cve@mitre.org

Not Applicable

https://github.com/EmreOvunc/mySCADA-myPRO-7-projectID-Disclosure

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.emreovunc.com/blog/en/mypro_enum_projectid.rb

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

Timeline

No history available yet.