CVE-2024-52034 CRITICAL

CVE-2024-52034: mySCADA myPRO OS Command Injection

Vendor Myscada

Product myPRO Manager

Weakness CWE-78

Published November 22, 2024

Last update November 25, 2024

View on NVD All CVEs

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.

Key dates

02Disclosure timeline

November 22, 2024 CVE published

November 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-52034 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2024-52034

CWE CWE-78

CVSS 10.0 / CRITICAL

Affected versions

Vendor Myscada

Product myPRO Manager

Affected < 1.3

Vendor Myscada

Product myPRO Runtime

Affected < 9.2.1

CVE-2024-52034: mySCADA myPRO OS Command Injection

01Description

02Disclosure timeline

03References

04Related CVE