PT-2024-8635 · Myscada · Myscada Mypro Manager

Michael Heinzl

Published

2024-11-21

Updated

2024-11-23

CVE-2024-52034

CVSS v4.0

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions mySCADA myPRO Manager (affected versions not specified)

Description An OS Command Injection issue exists, allowing an unauthenticated remote attacker to inject arbitrary operating system commands by exploiting a parameter within a command. This is due to the lack of measures to neutralize special elements used in the operating system command.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2024-10226

CVE-2024-52034

Affected Products

Myscada Mypro Manager

PT-2024-8635 · Myscada · Myscada Mypro Manager

CVE-2024-52034

Weakness Enumeration

Related Identifiers

Affected Products

References · 7