CVE-2021-33009

7.5 HIGH

📋 TL;DR

CVE-2021-33009 allows unauthenticated remote attackers to upload arbitrary files to the file system of a mySCADA myPRO host. This affects mySCADA myPRO versions prior to 8.20.0, potentially enabling attackers to execute malicious code or disrupt operations.

💻 Affected Systems

Products:
  • mySCADA myPRO
Versions: All versions prior to 8.20.0
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default installations; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or operational disruption of industrial control systems.

🟠 Likely Case

Malicious file upload enabling backdoor installation, data manipulation, or denial of service attacks.

🟢 If Mitigated

Limited impact if network segmentation and access controls prevent unauthenticated access to vulnerable systems.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing systems extremely vulnerable.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require network access; risk depends on internal security controls.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Unauthenticated file upload vulnerability with straightforward exploitation path; weaponization likely given ICS/SCADA impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.20.0

Vendor Advisory: https://www.myscada.org/version-8-20-0-released-security-update

Restart Required: Yes

Instructions:

1. Download mySCADA myPRO version 8.20.0 or later from the official vendor site.
2. Back up the current configuration and data.
3. Install the update following the vendor documentation.
4. Restart the myPRO service or system.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate myPRO systems from untrusted networks using firewalls or network segmentation.

Access Control Lists (all platforms)

Implement strict network access controls to limit connections to myPRO systems.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems from untrusted networks.
  • Deploy web application firewalls (WAF) or intrusion prevention systems (IPS) to block file upload attempts.

🔍 How to Verify

Check if Vulnerable:

Check myPRO version in administration interface or configuration files; versions below 8.20.0 are vulnerable.

Check Version:

Check myPRO web interface or consult vendor documentation for version verification commands.

Verify Fix Applied:

Confirm version is 8.20.0 or higher in administration interface or via version check command.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activity in myPRO logs
  • Unauthenticated access attempts to file upload endpoints

Network Indicators:

  • HTTP POST requests to file upload endpoints from unauthorized sources
  • Unusual outbound connections after file upload

SIEM Query:

source="myPRO" AND (event="file_upload" OR uri="/upload") AND user="unauthenticated"
