CVE-2018-11311

EPSS 15.9%

A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.

Affected products

n/a · n/a

public PoCs found — 3

githubgithub.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password★ 12 cve_referencewww.exploit-db.com/exploits/44656/unverified exploitdbwww.exploit-db.com/exploits/48620unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password https://www.exploit-db.com/exploits/44656/