OTPulse
FeedAboutContact

mySCADA myPRO

Monitor7.8ICS-CERT ICSA-17-255-01Sep 12, 2017
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary

mySCADA myPRO versions 7.0.26 and earlier contain an improper privilege separation vulnerability (CWE-428) that allows local users with standard account privileges to escalate to administrative level access on the SCADA system. Public exploits for this flaw are available and require low technical skill to execute. An attacker with local console or remote desktop access to a myPRO workstation can abuse this privilege gap to gain full control of the SCADA process control logic and data.

What this means
What could happen
An attacker with local access to a myPRO workstation could gain administrative control of the SCADA system, allowing them to modify process parameters, alter historical data, or disrupt operations.
Who's at risk
SCADA operations staff and engineers using myPRO in energy sector facilities. This affects anyone who has local access to engineering workstations running myPRO versions 7.0.26 and earlier, including contractors, maintenance personnel, and unauthorized individuals with physical facility access.
How it could be exploited
An attacker with local user privileges on a myPRO system can escalate to administrative/system privileges due to weak privilege separation. This escalation requires local access to the machine but no additional credentials or complex attack steps.
Prerequisites
  • Local access to a system running myPRO 7.0.26 or earlier
  • Valid user account on the affected system (non-administrative privileges sufficient)
low complexity exploitationpublic exploits availablelocal privilege escalationno patch available for end-of-life versionsaffects process control capabilities
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
myPRO:≤ 7.0.26No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/1
WORKAROUNDRestrict local console and RDP access to myPRO systems to authorized engineers only; disable unnecessary local user accounts
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade myPRO to version 7.0.27 or later when available from vendor
HARDENINGImplement OS-level privilege restrictions on myPRO workstations; remove local administrator group membership for non-administrators
Mitigations - no patch available
0/1
myPRO: has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGSegment myPRO engineering workstations from corporate network and general IT systems using air-gap or dedicated network
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/fd65a11d-34af-4d87-9e16-7196091c0dba
mySCADA myPRO | CVSS 7.8 - OTPulse