CVE-2024-47407

EUVD-2024-42766
A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
icscertCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
myscadamypro_manager
𝑥
< 1.3
ADP
myscadamypro_runtime
𝑥
< 9.2.1
ADP
myscadamypro
𝑥
< 1.3
CNA
myscadamypro
𝑥
< 9.2.1
CNA
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-326-07