PatchSiren cyber security CVE debrief
CVE-2024-47138 mySCADA CVE debrief
A critical vulnerability in mySCADA myPRO Manager and myPRO Runtime exposes administrative interfaces without authentication by default. The administrative interface listens on all network interfaces on a TCP port and does not require authentication for access, allowing unauthenticated remote attackers to gain full administrative control over affected systems. This vulnerability affects myPRO Manager versions prior to 1.3 and myPRO Runtime versions prior to 9.2.1. The issue was disclosed by CISA on November 21, 2024, with a CVSS 3.1 score of 9.8 (Critical). Organizations should prioritize patching to the fixed versions and implement network segmentation controls immediately.
- Vendor: mySCADA
- Product: myPRO Manager
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-21
- Original CVE updated: 2024-11-21
- Advisory published: 2024-11-21
- Advisory updated: 2024-11-21
Who should care
Organizations running mySCADA myPRO Manager or myPRO Runtime in operational technology (OT) environments, industrial control system (ICS) operators, critical infrastructure providers, and security teams responsible for SCADA/ICS security should prioritize this vulnerability for immediate remediation.
Technical summary
The mySCADA myPRO Manager and myPRO Runtime products ship with an administrative interface that binds to all network interfaces (0.0.0.0) on a TCP port without requiring authentication. This default configuration allows any network-connected attacker to connect to and fully administer the affected system without credentials. The vulnerability is remotely exploitable with low attack complexity, requires no privileges or user interaction, and can result in complete compromise of confidentiality, integrity, and availability. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, scoring 9.8 Critical. Fixed versions are myPRO Manager 1.3 and myPRO Runtime 9.2.1.
Defensive priority
Critical
Recommended defensive actions
- Update myPRO Manager to version 1.3 or later
- Update myPRO Runtime to version 9.2.1 or later
- Restrict network access to administrative interfaces through firewall rules or network segmentation
- Verify administrative interfaces are not exposed to untrusted networks
- Monitor for unauthorized access attempts to administrative ports
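Two of the actions above (confirm the installed version is at or above the fixed release, and verify the administrative interface is not bound to every network interface) can be checked from the host itself. The script below is an added example for this debrief, not PatchSiren's, CISA's or mySCADA's code. It compares an installed version against the fixed versions stated in the advisory and parses `ss -tln`-style output to flag TCP listeners bound to 0.0.0.0 or [::]. The advisory does not state the administrative port, so MYPRO_ADMIN_PORT is a placeholder to replace with the value observed on your own installation, and the `ss` sample is constructed.

```python
# Added example; not code from the PatchSiren debrief, CISA or mySCADA.
# Checks two of the recommended defensive actions offline:
#   1. is the installed myPRO version below the fixed version?
#   2. does the host expose TCP listeners on all interfaces (0.0.0.0 / [::])?

# Fixed versions stated in the advisory.
FIXED_VERSIONS = {
    "myPRO Manager": "1.3",
    "myPRO Runtime": "9.2.1",
}

# PLACEHOLDER: the advisory does not state the administrative TCP port.
# Replace with the port observed on your own installation.
MYPRO_ADMIN_PORT = 34022

# Local-address forms `ss` prints for a socket bound to every interface.
ALL_INTERFACES = {"0.0.0.0", "*", "[::]", "::"}


def parse_version(text):
    """Turn '9.2.1' into (9, 2, 1)."""
    return tuple(int(part) for part in text.strip().split("."))


def version_lt(a, b):
    """Component-wise numeric comparison, padding the shorter tuple with zeros."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def is_vulnerable(product, installed):
    """True when `installed` is below the fixed version for `product`."""
    return version_lt(parse_version(installed), parse_version(FIXED_VERSIONS[product]))


def exposed_listeners(ss_output):
    """Return (address, port) pairs for LISTEN sockets bound to every interface."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or a non-listening socket
        local = fields[3]  # e.g. "0.0.0.0:22" or "[::]:22"
        addr, _, port = local.rpartition(":")
        if addr in ALL_INTERFACES and port.isdigit():
            found.append((addr, int(port)))
    return found


def audit(product, installed, ss_output, admin_port=MYPRO_ADMIN_PORT):
    """Combine both checks into one finding dict."""
    exposed = exposed_listeners(ss_output)
    return {
        "needs_update": is_vulnerable(product, installed),
        "exposed": exposed,
        "admin_exposed": any(port == admin_port for _, port in exposed),
    }


# Constructed `ss -tln` output for a host that still binds the admin port on all interfaces.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       4096    0.0.0.0:34022        0.0.0.0:*
LISTEN  0       4096    [::]:34022           [::]:*
ESTAB   0       0       192.0.2.10:22        192.0.2.50:50112
"""

if __name__ == "__main__":
    result = audit("myPRO Runtime", "9.1.0", SAMPLE_SS_OUTPUT)
    print("update required:", result["needs_update"])
    for addr, port in result["exposed"]:
        flag = "  <-- myPRO admin port" if port == MYPRO_ADMIN_PORT else ""
        print(f"listening on all interfaces: {addr}:{port}{flag}")
```

A listener on 0.0.0.0 or [::] for the administrative port is a finding even after the update: the fixed versions remove the unauthenticated default, but the firewall rule or segmentation from the actions above is still what keeps the interface off untrusted networks.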
Evidence notes
CISA ICS advisory ICSA-24-326-07 confirms the administrative interface listens on all interfaces by default without requiring authentication. Affected products are myPRO Manager versions before 1.3 and myPRO Runtime versions before 9.2.1.
Official resources
- CVE-2024-47138 CVE record (CVE.org)
- CVE-2024-47138 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
2024-11-21