mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. Referenceshttps://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06
