mySCADA myPRO Manager RCE Vulnerabilities Allow Remote Attackers to Take Control of ICS Devices

In a significant discovery, PRODAFT’s security research team has identified two critical vulnerabilities in the mySCADA myPRO Manager, a widely used Supervisory Control and Data Acquisition (SCADA) management solution.

These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially leading to severe operational disruptions and financial losses.

The vulnerabilities are classified as OS Command Injection, allowing remote attackers to execute arbitrary commands on affected systems.

The vulnerabilities exist due to improper input sanitization in the myPRO Manager.

An attacker can inject system commands and execute arbitrary code by sending specially crafted POST requests containing email or version parameters to a specific port.

The affected products include myPRO Manager versions prior to 1.3 and myPRO Runtime versions prior to 9.2.1.

Both vulnerabilities are rated as critical, with CVSS v4 scores of 9.3, indicating a high level of severity.

Impact and Exploitation

The vulnerabilities are categorized under CWE-78, which involves the improper neutralization of special elements used in an OS command.

This allows for Remote Command Execution (RCE), enabling attackers to execute arbitrary system commands.

The impact is significant, as it could lead to unauthorized access to industrial control systems (ICS), potentially disrupting operations across critical sectors such as energy and manufacturing.

The exploitation process involves sending a specially crafted POST request to a specific port, either using an email or version parameter.

According to Catalyst Report, this lack of input sanitization allows attackers to inject malicious commands, which can be executed on the system.

A successful exploitation can lead to a reverse shell, providing attackers with full control over the system.

Risk Mitigation

To mitigate these risks, organizations should apply vendor-issued patches immediately.

Additionally, implementing network segmentation to isolate SCADA systems from IT networks can reduce the attack surface.

Enforcing strong access controls, including multi-factor authentication (MFA), and using Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) solutions for real-time threat detection are also crucial.

The discovery of these vulnerabilities highlights the persistent security risks in SCADA systems and the need for proactive defense strategies.

As cyber threats evolve, it is essential for organizations to stay ahead of emerging threats by investing in robust security measures and continuous monitoring.

By addressing these vulnerabilities proactively, organizations can protect critical infrastructure from cyberattacks and ensure operational resilience.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.