A vulnerability has been identified in mySCADA’s myPRO software, which could allow an attacker to remotely execute code on affected devices. The issue stems from the use of a hard-coded password in the application, which simplifies the attack process, making it remotely exploitable with low complexity. The vulnerability has been assigned CVE-2024-4708, and its severity is highlighted by a CVSS v4 score of 9.3.
myPRO versions prior to 8.31.0 are affected, and the flaw could compromise sensitive industrial control systems in sectors like critical manufacturing. Once exploited, attackers could gain control over the systems, potentially leading to unauthorized access, manipulation, and disruption of operations. The vulnerability’s worldwide deployment adds to its potential impact, as these systems are used globally across various industries.
mySCADA, headquartered in the Czech Republic, has urged users to update myPRO to version 8.31.0 to mitigate the risk. In addition, users are advised to follow security best practices, such as minimizing network exposure for control systems and ensuring secure configurations, including the use of firewalls and VPNs for remote access. These measures are designed to prevent unauthorized actors from exploiting the vulnerability and accessing critical systems.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also provided recommendations to mitigate the risk of exploitation, urging organizations to enhance their defense strategies and implement proactive cybersecurity practices. No public exploitation of this vulnerability has been reported, but the potential impact emphasizes the need for immediate action to protect industrial systems from future attacks.
