An update is available to address a use of hard-coded password vulnerability in mySCADA’s myPRO, according to a report with CISA.

Successful exploitation of this remotely exploitable vulnerability, discovered by Nassim Asrir working with Trend Micro Zero Day Initiative, could allow an attacker to remotely execute code on the affected device.

The following mySCADA products suffer from the vulnerability: myPRO, versions prior to 8.31.0.

The affected application uses a hard-coded password, which could allow an attacker to remotely execute code on the affected device.

CVE-2024-4708 is the case number for this vulnerability, which has a CVSS v3.1 base score of 9.8. There is also a CVSS v4 base score of 9.3.

The product sees use mainly in the critical manufacturing sector, and on a global basis.

Czech Republic-based mySCADA recommends updating myPRO to v8.31.0.

No known exploit targets this vulnerability. However, an attacker could leverage this low-complexity vulnerability.

ISSSource
