PatchSiren cyber security CVE debrief
CVE-2024-47407 mySCADA CVE debrief
A critical unauthenticated remote command injection vulnerability exists in mySCADA myPRO Manager and myPRO Runtime. The flaw stems from improper input validation on a parameter within a command, allowing unauthenticated remote attackers to inject arbitrary operating system commands. The vulnerability carries a CVSS 3.1 score of 10.0 (Critical), indicating network-based attack vector with low complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability with scope change. CISA published advisory ICSA-24-326-07 on November 21, 2024, identifying affected versions as myPRO Manager prior to 1.3 and myPRO Runtime prior to 9.2.1. The vendor has released patched versions to address this vulnerability. Organizations using affected products should prioritize patching due to the unauthenticated nature of the attack and complete compromise potential.
- Vendor
- mySCADA
- Product
- myPRO Manager
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-11-21
- Original CVE updated
- 2024-11-21
- Advisory published
- 2024-11-21
- Advisory updated
- 2024-11-21
Who should care
Organizations operating mySCADA myPRO Manager or myPRO Runtime in industrial control system environments, particularly those with internet-exposed or minimally segmented SCADA infrastructure. Critical infrastructure operators, manufacturing facilities, and utilities utilizing mySCADA products should prioritize assessment and patching.
Technical summary
The vulnerability exists due to insufficient input validation on a parameter within a command handler in myPRO Manager. An unauthenticated remote attacker can exploit this weakness to inject and execute arbitrary operating system commands on the underlying host. The attack requires no authentication, no user interaction, and is exploitable over the network with low complexity. Successful exploitation grants the attacker complete control over the affected system with high impact to confidentiality, integrity, and availability. The scope change indicator (S:C) in the CVSS vector suggests the vulnerable component impacts resources beyond its security scope. Both myPRO Manager and myPRO Runtime are affected, with patches available in versions 1.3 and 9.2.1 respectively.
Defensive priority
Critical
Recommended defensive actions
- Immediately update myPRO Manager to version 1.3 or later and myPRO Runtime to version 9.2.1 or later per vendor guidance
- If immediate patching is not feasible, restrict network access to myPRO Manager and Runtime systems to authorized administrative hosts only
- Monitor for anomalous command execution or unexpected process spawning on systems running affected mySCADA products
- Review system logs for indicators of compromise, particularly around the timeframe beginning November 21, 2024
- Apply network segmentation to isolate affected SCADA systems from untrusted networks and internet-facing infrastructure
- Implement defense-in-depth controls per CISA ICS recommended practices for industrial control systems
Evidence notes
Vulnerability disclosed via CISA CSAF advisory ICSA-24-326-07. CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Affected products confirmed through CSAF product tree: myPRO Manager <1.3 and myPRO Runtime <9.2.1. Remediation guidance provided by vendor with specific version updates.
Official resources
-
CVE-2024-47407 CVE record
CVE.org
-
CVE-2024-47407 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-11-21