PatchSiren cyber security CVE debrief
CVE-2024-52034 mySCADA CVE debrief
A critical OS command injection vulnerability in mySCADA myPRO Manager allows unauthenticated remote attackers to execute arbitrary operating system commands. The vulnerability, published by CISA on November 21, 2024, carries a CVSS 3.1 score of 10.0 (Critical) with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The scope is changed, with high impact on confidentiality, integrity, and availability. Affected products include myPRO Manager versions prior to 1.3 and myPRO Runtime versions prior to 9.2.1. The vulnerability exists due to improper neutralization of special elements in a command parameter, enabling command injection without authentication.
- Vendor: mySCADA
- Product: myPRO Manager
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-21
- Original CVE updated: 2024-11-21
- Advisory published: 2024-11-21
- Advisory updated: 2024-11-21
Who should care
Organizations operating mySCADA myPRO Manager or myPRO Runtime in industrial control system (ICS) environments, particularly those with internet-exposed or poorly segmented OT networks. Critical infrastructure operators, manufacturing facilities, and utilities relying on mySCADA products for process control and monitoring should prioritize immediate patching and network access restrictions.
Technical summary
CVE-2024-52034 is an OS command injection vulnerability in mySCADA myPRO Manager and myPRO Runtime. An unauthenticated remote attacker can inject arbitrary operating system commands through a parameter within a command. The vulnerability is rated Critical (CVSS 3.1: 10.0) due to network accessibility, low complexity, no authentication requirements, and high impacts across confidentiality, integrity, and availability with scope change. Affected versions: myPRO Manager prior to 1.3, myPRO Runtime prior to 9.2.1. Remediation requires updating to myPRO Manager 1.3 and myPRO Runtime 9.2.1.
Defensive priority
CRITICAL
Recommended defensive actions
- Immediately update myPRO Manager to version 1.3 or later and myPRO Runtime to version 9.2.1 or later per vendor guidance.
- Restrict network access to myPRO Manager and myPRO Runtime systems to authorized administrative hosts only; deploy firewall rules to block internet-facing exposure.
- Monitor for anomalous command execution, unexpected child processes, or unauthorized network connections originating from myPRO systems.
- Review system logs for indicators of compromise, particularly around the time of the advisory publication (November 21, 2024) and thereafter.
- Apply network segmentation to isolate OT/ICS environments hosting myPRO products from enterprise IT networks and the internet.
- Disable or remove unnecessary services and features in myPRO deployments to reduce attack surface.
Evidence notes
CISA ICS Advisory ICSA-24-326-07 confirms unauthenticated remote OS command injection via a parameter within a command. CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Affected products: myPRO Manager <1.3, myPRO Runtime <9.2.1.
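To turn the affected ranges above into a quick inventory triage, the following added example (not from the advisory or from mySCADA) compares recorded myPRO versions against the fixed versions 1.3 and 9.2.1. The host names, version strings and the inventory layout are constructed assumptions; only the product names and fixed versions come from the advisory.

```python
"""Flag inventory rows that fall in the CVE-2024-52034 affected ranges."""
import re

# Fixed versions per ICSA-24-326-07; anything earlier is affected.
FIXED_VERSIONS = {
    "myPRO Manager": "1.3",
    "myPRO Runtime": "9.2.1",
}

# Constructed sample inventory: hosts and versions are made up for illustration.
SAMPLE_INVENTORY = [
    {"host": "hmi-01", "product": "myPRO Manager", "version": "1.2"},
    {"host": "hmi-02", "product": "myPRO Manager", "version": "1.3.0"},
    {"host": "rt-01", "product": "myPRO Runtime", "version": "9.2.1"},
    {"host": "rt-02", "product": "myPRO Runtime", "version": "9.10"},
    {"host": "rt-03", "product": "myPRO Runtime", "version": "v9.1.7"},
    {"host": "eng-01", "product": "Other SCADA", "version": "4.0"},
]


def parse_version(text):
    """Turn '1.3', 'v9.1.7' or '9.10' into an int tuple such as (9, 10).

    A leading 'v' and any trailing non-numeric suffix are ignored.
    """
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def version_lt(a, b):
    """Numeric comparison with zero padding, so 1.3.0 is not below 1.3."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def is_affected(product, version):
    """True if product/version is below the fixed version for this CVE."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return False  # product not covered by this advisory
    return version_lt(parse_version(version), parse_version(fixed))


def triage(inventory):
    """Return hostnames that still need the update, in inventory order."""
    return [r["host"] for r in inventory if is_affected(r["product"], r["version"])]


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: update required (CVE-2024-52034)")
```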
Official resources
- CVE-2024-52034 CVE record (CVE.org)
- CVE-2024-52034 NVD detail (NVD)
- Source item URL: cisa_csaf
2024-11-21