CVE-2024-47407 CRITICAL

CVE-2024-47407: mySCADA myPRO OS Command Injection

Vendor Myscada
Product myPRO Manager
Weakness CWE-78
Published November 22, 2024
Last update November 25, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.

Key dates

02Disclosure timeline

November 22, 2024 CVE published
November 25, 2024 Record updated

Related vulnerabilities

04Related CVE