### #IndustrialAutomation #HMIExploits #SCADAThreats
Summary: Researchers have identified critical vulnerabilities in mySCADA’s myPRO software that could allow remote attackers to gain unauthorized access to critical infrastructure. The vulnerabilities pose significant risks due to the software’s widespread use in industrial sectors and its compatibility with various operating systems.
Threat Actor: Unknown | unknown
Victim: mySCADA | mySCADA
Key Point :
- Critical vulnerabilities include multiple OS command injection flaws and weak authentication mechanisms.
- Exploitation could lead to complete control over myPRO software and the underlying operating system.
- Default configurations expose services on all network interfaces, increasing the risk of unauthorized access.
- mySCADA has released updates to address these vulnerabilities, but many instances remain internet-facing.
- Organizations are urged to apply security updates promptly and conduct comprehensive security assessments.
Researchers have disclosed critical vulnerabilities in mySCADA’s myPRO software, a widely deployed industrial automation platform. These security flaws could permit remote attackers to gain unauthorized access and complete control over critical infrastructure without authentication.
myPRO is a prominent Human-Machine Interface (HMI) and Supervisory Control and Data Acquisition (SCADA) system utilized across various industrial sectors for the visualization and management of operational processes. Its broad compatibility with Windows, macOS, and Linux operating systems, encompassing servers, PCs, and embedded devices, amplifies the potential impact of these vulnerabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory detailing the vulnerabilities, which include:
- CVE-2024-47407 (CVSSv4 10): OS command injection vulnerability within myPRO Manager due to improper input validation.
- CVE-2024-52034 (CVSSv4 10): A second OS command injection vulnerability in myPRO Manager.
- CVE-2024-45369 (CVSSv4 9.2): Weak authentication mechanism in the web application.
- CVE-2024-47138 (CVSSv4 9.3): Administrative interface listens on all interfaces without authentication by default.
- CVE-2024-50054 (CVSSv4 8.7): Path traversal vulnerability enabling arbitrary file retrieval.
Successful exploitation of these vulnerabilities could grant unauthorized remote access, potentially leading to the complete compromise of both the myPRO software and the underlying operating system. The agency highlights the increased risk posed by the default configuration of the vulnerable service, which is accessible on all network interfaces immediately following installation.
mySCADA has released updated versions of the affected software components (myPRO Manager version 1.3 and myPRO Runtime version 9.2.1) to remediate these vulnerabilities. However, the extent of potential exploitation remains unknown. Censys search engine data indicates that a significant number of mySCADA instances are internet-facing, raising concerns about the security posture of these deployments.
Organizations utilizing mySCADA myPRO are strongly advised to implement the necessary security updates without delay and conduct thorough security assessments to mitigate the risk of compromise.