CVE-2024-47138 PoC — mySCADA myPRO 访问控制错误漏洞

Source

Associated Vulnerability

Description

CVE-2024-47138: Missing Authentication for Critical Function (CWE-306)

Readme

# CVE-2024-47138: Missing Authentication for Critical Function (CWE-306)


## Overview

The security vulnerability identified as CVE-2024-47138 affects mySCADA’s myPRO Manager and Runtime. This vulnerability is critical, with a CVSS 3.1 base score of 9.8, indicative of its severe potential impact on systems utilizing these products. The issue arises from the administrative interface, which, by default, listens on all interfaces over a TCP port without necessitating authentication. This weakness can be exploited to gain unauthorized access, resulting in severe confidentiality, integrity, and availability impact.


## Details
+ **CVE ID:** CVE-2024-47138
+ **Published:** 2024-11-22
+ **Impact:** Critical
+ **Exploit Availability:** Not public, only private.
+ **CVSS:3.1:** 9.8


## Vulnerability Description

The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.


## Affected Versions

| **mySCADA products**     | Affected Versions           |
|---------------------|----------------------------------|
| myPRO Manager  | Versions prior to 1.3                 |
| myPRO Runtime  | Versions prior to 9.2.1               |


## Usage
```
python CVE-2024-47138.py -h 10.10.10.10 -c 'uname -a'
```

## Contact
For inquiries, please contact wilguard@thesecure.biz

## Exploit
**[Download](https://bit.ly/3DL2UW8)**

File Snapshot

 [4.0K]  /data/pocs/7ff851f5527575c43ad37f1057f2bac8ca3d88c5
└── [1.4K]  README.md

0 directories, 1 file

Remarks