OTPulse
FeedAboutContact

mySCADA myPRO

Act Now9.8ICS-CERT ICSA-24-184-02Jul 2, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

mySCADA myPRO versions prior to 8.31.0 contain a hardcoded credentials vulnerability (CWE-259) that allows remote code execution without authentication. The vulnerability has a CVSS score of 9.8 and requires only network access to exploit.

What this means
What could happen
An attacker can remotely execute arbitrary code on myPRO devices without authentication, potentially disrupting energy production or distribution operations and compromising system integrity.
Who's at risk
Energy sector operators using mySCADA myPRO controllers for process automation and control should prioritize this patch. This affects any facility relying on myPRO for real-time process monitoring and command execution in generation, transmission, or distribution systems.
How it could be exploited
An attacker on the network sends a malicious request to the myPRO device (port/service unspecified in advisory). The vulnerability allows code execution without authentication due to hardcoded credentials or insufficient input validation. This could allow the attacker to alter process settings, stop operations, or install persistent backdoors on the controller.
Prerequisites
  • Network access to myPRO device
  • Device must be running version 8.31.0 or earlier
remotely exploitableno authentication requiredlow complexitycritical severity (CVSS 9.8)affects energy sector operations
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
ProductAffected VersionsFix Status
myPRO: <8.31.0<8.31.08.31.0
Remediation & Mitigation
0/4
Do now
0/3
HARDENINGRestrict network access to myPRO devices: do not expose them to the internet and place them behind firewalls isolated from business networks
HARDENINGIf remote access is required, implement a VPN connection to the myPRO device and keep VPN software updated
HARDENINGPerform impact analysis before deploying any defensive measures to understand effect on operational continuity
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate myPRO to version 8.31.0 or later
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/3673958f-d867-45af-b220-01281751fb63
mySCADA myPRO | CVSS 9.8 - OTPulse