A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
History

Mon, 25 Nov 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Myscada
Myscada mypro Manager
Myscada mypro Runtime
CPEs cpe:2.3:a:myscada:mypro_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:myscada:mypro_runtime:*:*:*:*:*:*:*:*
Vendors & Products Myscada
Myscada mypro Manager
Myscada mypro Runtime
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 22 Nov 2024 22:30:00 +0000

Type Values Removed Values Added
Description A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
Title mySCADA myPRO OS Command Injection
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-11-22T22:15:03.490Z

Updated: 2024-11-25T20:19:08.895Z

Reserved: 2024-11-13T20:44:28.680Z

Link: CVE-2024-47407

cve-icon Vulnrichment

Updated: 2024-11-25T20:18:49.062Z

cve-icon NVD

Status : Received

Published: 2024-11-22T23:15:05.347

Modified: 2024-11-22T23:15:05.347

Link: CVE-2024-47407

cve-icon Redhat

No data.