mySCADA myPRO Manager

Act Now | CVSS 10 | ICS-CERT ICSA-24-326-07 | Nov 21, 2024
mySCADA | Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

mySCADA myPRO Manager and myPRO Runtime contain multiple vulnerabilities (CWE-78 command injection, CWE-287 improper authentication, CWE-306 missing authorization, CWE-35 path traversal) that allow a remote attacker to execute arbitrary commands or access sensitive information without authentication. The vulnerabilities affect myPRO Manager versions below 1.3 and myPRO Runtime versions below 9.2.1. Successful exploitation could allow an attacker to alter process control logic or disclose confidential configuration and operational data.

What this means
What could happen
An attacker with network access to myPRO Manager or Runtime could execute arbitrary commands on your SCADA server or runtime platform, allowing them to alter control logic, modify setpoints, or shut down critical processes. They could also steal sensitive configuration and operational data.
Who's at risk
Energy sector operators using mySCADA myPRO Manager or myPRO Runtime for SCADA monitoring and control should prioritize patching. This affects any organization relying on these platforms for supervisory control of generation, transmission, or distribution equipment.
How it could be exploited
An attacker on the network can send a specially crafted request to myPRO Manager or Runtime without needing credentials. The server processes the request unsafely, allowing the attacker to run arbitrary commands with the privileges of the service account, which typically has broad access to the control system.
Prerequisites
  • Network access to myPRO Manager or Runtime listening port
  • No authentication required
  • Service must be running with standard configuration
remotely exploitable, no authentication required, low complexity, high EPSS score (68.9%), affects SCADA systems, arbitrary code execution capability
Exploitability
Likely to be exploited — EPSS score 68.9%
Metasploit module available — weaponized exploit
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
myPRO Manager | <1.3 | 1.3+
myPRO Runtime | <9.2.1 | 9.2.1+
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to myPRO Manager and Runtime to authorized workstations only using firewall rules
HARDENING: Ensure myPRO Manager and Runtime are not directly reachable from the internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Update myPRO Manager to version 1.3 or later
HOTFIX: Update myPRO Runtime to version 9.2.1 or later
Long-term hardening
HARDENING: Isolate myPRO systems from the business network; route only through a secure jump server or VPN gateway if remote access is required
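
An added example, not part of the advisory or any mySCADA tooling: a triage pass over an asset inventory that applies the affected-version thresholds and the "do now" and "schedule" actions listed above. The inventory field names and host names are hypothetical, and the sample rows are constructed.

```python
import re
FIXED = {"myPRO Manager": (1, 3), "myPRO Runtime": (9, 2, 1)}  # first fixed releases per the advisory

def parse_version(text):
    """Parse a plain dotted version ('9.2.0'); anything else raises ValueError."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_affected(product, version):
    """True if version is below the fixed release ('9.2' compares as 9.2.0)."""
    fixed, found = FIXED[product], parse_version(version)
    width = max(len(fixed), len(found))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(found) < pad(fixed)

def triage(inventory):
    """Return (host, status, actions) per covered asset, most work first."""
    findings = []
    for asset in inventory:
        fixed = FIXED.get(asset["product"])
        if fixed is None:
            continue  # product not covered by this advisory
        try:
            affected = is_affected(asset["product"], asset["version"])
        except ValueError:
            affected = None  # unknown version: fail closed, verify by hand
        if affected is False:
            findings.append((asset["host"], "fixed", []))
            continue
        actions = []
        if asset["internet_reachable"]:
            actions.append("remove direct internet exposure")
        if not asset["access_restricted"]:
            actions.append("restrict access to authorized workstations")
        actions.append("update to %s or later" % ".".join(map(str, fixed)))
        status = "affected" if affected else "verify version"
        findings.append((asset["host"], status, actions))
    return sorted(findings, key=lambda f: -len(f[2]))

# Constructed sample inventory; hosts and field names are hypothetical.
FIELDS = ("host", "product", "version", "internet_reachable", "access_restricted")
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("scada-mgr-01", "myPRO Manager", "1.2.4", True, False),
    ("scada-rt-01", "myPRO Runtime", "9.2.1", False, True),
    ("scada-rt-02", "myPRO Runtime", "9.2", False, True),
    ("scada-rt-03", "myPRO Runtime", "unknown", False, False),
]]
```

Calling `triage(SAMPLE)` lists the internet-exposed Manager first and keeps the host with an unreadable version string on the list until its version is confirmed.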