CVE-2024-4708
Published 2024-07-02
CVE-2024-4708: mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
Priority P2 64 · critical · 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.00% (58.3th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myscada | mypro | < 8.31.0 | 8.31.0 |
Detection & IOCs (extracted from sources)
- The vulnerability involves a hard-coded password in mySCADA myPRO versions prior to 8.31.0, enabling unauthenticated remote code execution. Detect exploitation attempts by monitoring for unexpected remote connections or command execution on myPRO instances, particularly from unauthenticated sources.
- Identify unpatched mySCADA myPRO deployments by checking for versions prior to 8.31.0 exposed on the network, especially those accessible from the internet.
- No specific hard-coded password value, exploit payload, network port, or file-system artifact was disclosed in the available sources. The advisory confirms the vulnerability class (CWE-259) but provides no actionable credential or byte-level indicator.
- No known public exploitation has been reported at time of advisory publication, limiting the availability of observed attack-pattern IOCs.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
mySCADA myPRO
cisa_ics·2024-07-02·CVSS 9.3
[CRITICAL] mySCADA myPRO
ICS Advisory
## mySCADA myPRO
Release Date: July 02, 2024
Alert Code: ICSA-24-184-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: mySCADA
- Equipment: myPRO
- Vulnerability: Use of Hard-coded Password
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to remotely execute code on the affected device.
## 3. TECHNICAL DETAILS
### 3.1 AFFECTED PRODUCTS
The following mySCADA products are affected:
- myPRO: Versions prior to 8.31.0
### 3.2 Vulnerability Overview
#### 3.2.1 USE OF HARD-CODED PASSWORD CWE-259
The affected application uses a hard-coded password which cou
GHSA
GHSA-8w3c-2jv9-vpm4: mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device
ghsa_unreviewed·2024-07-03
CVE-2024-4708 [CRITICAL] CWE-259 GHSA-8w3c-2jv9-vpm4: mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-07-02