CVE-2024-4708 – CVE-2024-4708 is a critical vulnerability in my... (How to Fix)

Q: What is the severity of CVE-2024-4708?

CVE-2024-4708 has a CVSS score of 9.8 (CRITICAL). CVE-2024-4708 is a critical vulnerability in mySCADA myPRO software where attackers can use a hard-coded password to gain unauthorized access and execute arbitrary code remotely. This affects all organizations using vulnerable versions of mySCADA myPRO, particularly in industrial control systems and critical infrastructure.

📋 TL;DR

CVE-2024-4708 is a critical vulnerability in mySCADA myPRO software where attackers can use a hard-coded password to gain unauthorized access and execute arbitrary code remotely. This affects all organizations using vulnerable versions of mySCADA myPRO, particularly in industrial control systems and critical infrastructure.

💻 Affected Systems

Products:

mySCADA myPRO

Versions: All versions prior to the fix

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all deployments using the default configuration with hard-coded credentials.

📦 What is this software?

Mypro by Myscada

View all CVEs affecting Mypro →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of affected devices leading to remote code execution, data theft, system manipulation, and potential physical consequences in industrial environments.

🟠

Likely Case

Unauthorized access to SCADA systems, configuration changes, data exfiltration, and disruption of industrial operations.

🟢

If Mitigated

Limited impact if systems are isolated from untrusted networks and access controls are properly implemented.

🌐 Internet-Facing: HIGH - Internet-facing systems are directly exploitable by remote attackers without authentication.

🏢 Internal Only: HIGH - Even internally, attackers with network access can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only knowledge of the hard-coded password and network access to the vulnerable system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.myscada.org/mypro/

Restart Required: Yes

Instructions:

1. Check vendor advisory for latest patched version
2. Download and install the update from mySCADA
3. Restart the myPRO service
4. Verify the fix by checking version and testing authentication

🔧 Temporary Workarounds

Network Segmentation

all

Isolate myPRO systems from untrusted networks and implement strict firewall rules

Access Control Lists

all

Implement IP-based restrictions to limit which systems can connect to myPRO services

🧯 If You Can't Patch

Immediately change all default passwords and implement strong authentication mechanisms
Deploy network monitoring and intrusion detection systems to detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if myPRO is using default/hard-coded credentials by reviewing configuration files and authentication logs

Check Version:

Check myPRO version through the application interface or configuration files

Verify Fix Applied:

Verify that hard-coded passwords have been removed and proper authentication is required

📡 Detection & Monitoring

Log Indicators:

Failed authentication attempts followed by successful login with default credentials
Unusual access patterns or configuration changes

Network Indicators:

Unexpected connections to myPRO ports from unauthorized IP addresses
Traffic patterns indicating remote code execution

SIEM Query:

source="myPRO" AND (event_type="authentication" AND result="success" AND user="default")

📊 Metadata

CVE ID: CVE-2024-4708

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-259

Published: July 2, 2024

Last Updated: November 21, 2024

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02 Third Party Advisory,US Government Resource
https://www.myscada.org/mypro/ Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02 Third Party Advisory,US Government Resource
https://www.myscada.org/mypro/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-4708, you might also want to check these: