cbcvebase.
CVE-2023-28384
published 2023-04-27

CVE-2023-28384: mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.

Priority: P274 · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 44.81% (98.6th percentile)

Affected (2 ranges)

Vendor               | Product        | Version range | Fixed in
myscada              | mypro          | <= 8.26.0     | (not listed)
myscada_technologies | myscada_mypro  | <= 8.26.0     | (not listed)

Detection & IOCs (extracted from sources)

Source: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/mypro_cmdexe.rb
  • Target product is mySCADA myPRO versions 8.26.0 and prior (also referenced as <= v8.28.0 in Metasploit module); monitor for authenticated HTTP requests containing OS command injection payloads in parameters sent to the myPRO web interface.
  • A public Metasploit exploit module exists (exploits/windows/scada/mypro_cmdexe); alert on use of this module path or matching exploit traffic patterns against mySCADA myPRO endpoints.
  • Exploitation results in command execution as NT AUTHORITY\SYSTEM; monitor for unexpected SYSTEM-level process spawning from the myPRO service process on Windows hosts running mySCADA myPRO.
  • The NVD and CISA advisory state affected versions as 8.26.0 and prior, while the Metasploit module references <= v8.28.0; defenders should treat all versions below 8.29.0 as vulnerable per the vendor's own remediation guidance.
  • Exploitation requires authentication (low-privilege authenticated user); detection rules should account for the attacker already possessing valid credentials, making pre-auth blocking insufficient as a sole control.