mySCADA myPRO Manager

Act Now10ICS-CERT ICSA-24-326-07Nov 21, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

mySCADA myPRO Manager and myPRO Runtime contain multiple critical vulnerabilities (CWE-78 command injection, CWE-287 authentication bypass, CWE-306 missing authorization, CWE-35 information exposure) that allow a remote attacker without credentials to execute arbitrary system commands or disclose sensitive information. Affected versions: myPRO Manager versions prior to 1.3, myPRO Runtime versions prior to 9.2.1.

What this means

What could happen

An attacker could run arbitrary commands on myPRO Manager or Runtime systems, potentially altering process setpoints, stopping critical energy generation or distribution operations, or extracting sensitive configuration and control data from your SCADA environment.

Who's at risk

Energy sector operators using mySCADA myPRO Manager or Runtime for SCADA management and real-time process control. This affects distribution control centers, generation facilities, and substations that rely on myPRO for supervisory and operational command execution.

How it could be exploited

An attacker on the network reaches the myPRO Manager or Runtime service over the network without credentials, exploits the command injection or authentication bypass vulnerabilities, and executes arbitrary system commands with the privileges of the service process.

Prerequisites

Network access to myPRO Manager or Runtime service (typically port 5001 or 5002, confirm in your environment)
No credentials required for exploitation
Service must be running and network-accessible

Remotely exploitable over the networkNo authentication requiredLow complexity attackHigh EPSS score (74.7%)No patch available for affected versionsCritical CVSS score (10.0)Affects critical energy infrastructure

Exploitability

High exploit probability (EPSS 74.7%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

myPRO Manager: <1.3<1.31.3 or later

myPRO Runtime: <9.2.1<9.2.19.2.1 or later

Remediation & Mitigation

0/5

Do now

0/3

HOTFIXUpdate mySCADA PRO Manager to version 1.3 or later

HOTFIXUpdate mySCADA PRO Runtime to version 9.2.1 or later

WORKAROUNDRestrict network access to myPRO Manager and Runtime services using firewall rules; only allow connections from authorized engineering workstations and control system networks

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGIf remote access to myPRO is required, deploy a VPN with current patches and restrict access to named users only

Long-term hardening

0/1

HARDENINGSegment myPRO Manager and Runtime systems from the business network; confirm they are not directly accessible from the internet

CVEs (5)

CVE-2024-47407 CVE-2024-52034 CVE-2024-45369 CVE-2024-47138 CVE-2024-50054

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/130ad05b-499c-4c57-a8c3-351d12974c7d