CVE-2024-47138
published 2024-11-22

CVE-2024-47138: The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.

Priority: P260
Severity: critical, CVSS 3.1 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.75% (50.3th percentile)

Affected (2 ranges)

Vendor    Product         Version range   Fixed in
myscada   mypro_manager   < 1.3           1.3
myscada   mypro_runtime   < 9.2.1         9.2.1

Detection & IOCs (extracted from sources)

  • The mySCADA myPRO Manager administrative interface listens by default on all interfaces on a TCP port without requiring authentication; monitor for unauthenticated inbound TCP connections to the administrative port on myPRO Manager hosts.
  • Alert on any remote access to the mySCADA myPRO Manager administrative interface from untrusted or internet-facing networks, as the service is exposed on all interfaces by default with no authentication barrier.
  • CVE-2024-47138 affects mySCADA myPRO Manager versions prior to 1.3 and myPRO Runtime versions prior to 9.2.1. The administrative interface binds to all network interfaces by default, making it reachable from any network segment without authentication.
  • No specific TCP port number for the vulnerable administrative interface is disclosed in the available sources; defenders should enumerate listening ports on myPRO Manager hosts to identify the exact port.

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD, CVSS v4.0: 9.3 CRITICAL (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)