CVE-2024-47407

Summary

A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.

Affected Software

VendorProductVersion RangeStatus
mySCADAmyPRO Manager0 < 1.3affected
mySCADAmyPRO Runtime0 < 9.2.1affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References