ID

VAR-202411-1371


CVE

CVE-2024-47138


TITLE

mySCADA myPRO Manager Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-46406

DESCRIPTION

The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. mySCADA myPRO is a professional HMI/SCADA system designed primarily for visualization and control of industrial processes. mySCADA myPRO Manager has an access control error vulnerability that allows attackers to submit special requests and gain unauthorized access to resources.

Trust: 1.44

sources: NVD: CVE-2024-47138 // CNVD: CNVD-2024-46406

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-46406

AFFECTED PRODUCTS

vendor: myscada, model: mypro manager, scope: lt, version: 1.3

Trust: 0.6

sources: CNVD: CNVD-2024-46406

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2024-47138
value: CRITICAL

Trust: 1.0

CNVD: CNVD-2024-46406
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-46406
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ics-cert@hq.dhs.gov: CVE-2024-47138
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-46406 // NVD: CVE-2024-47138

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

sources: NVD: CVE-2024-47138

PATCH

title: Patch for mySCADA myPRO Manager Access Control Error Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/634326

Trust: 0.6

sources: CNVD: CNVD-2024-46406

EXTERNAL IDS

db: ICS CERT, id: ICSA-24-326-07

Trust: 1.6

db: NVD, id: CVE-2024-47138

Trust: 1.6

db: CNVD, id: CNVD-2024-46406

Trust: 0.6

sources: CNVD: CNVD-2024-46406 // NVD: CVE-2024-47138

REFERENCES

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07

Trust: 1.6

sources: CNVD: CNVD-2024-46406 // NVD: CVE-2024-47138

SOURCES

db: CNVD, id: CNVD-2024-46406
db: NVD, id: CVE-2024-47138

LAST UPDATE DATE

2024-11-29T22:48:08.445000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-46406, date: 2024-11-28T00:00:00
db: NVD, id: CVE-2024-47138, date: 2024-11-22T23:15:05.213

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-46406, date: 2024-11-28T00:00:00
db: NVD, id: CVE-2024-47138, date: 2024-11-22T23:15:05.213