CVE-2024-47138: Missing Authentication for Critical Function (CWE-306)# CVE-2024-47138: Missing Authentication for Critical Function (CWE-306)
## Overview
The security vulnerability identified as CVE-2024-47138 affects mySCADA’s myPRO Manager and Runtime. This vulnerability is critical, with a CVSS 3.1 base score of 9.8, indicative of its severe potential impact on systems utilizing these products. The issue arises from the administrative interface, which, by default, listens on all interfaces over a TCP port without necessitating authentication. This weakness can be exploited to gain unauthorized access, resulting in severe confidentiality, integrity, and availability impact.
## Details
+ **CVE ID:** CVE-2024-47138
+ **Published:** 2024-11-22
+ **Impact:** Critical
+ **Exploit Availability:** Not public, only private.
+ **CVSS:3.1:** 9.8
## Vulnerability Description
The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.
## Affected Versions
| **mySCADA products** | Affected Versions |
|---------------------|----------------------------------|
| myPRO Manager | Versions prior to 1.3 |
| myPRO Runtime | Versions prior to 9.2.1 |
## Usage
```
python CVE-2024-47138.py -h 10.10.10.10 -c 'uname -a'
```
## Contact
For inquiries, please contact wilguard@thesecure.biz
## Exploit
**[Download](https://bit.ly/3DL2UW8)**
Log in to view the POC file snapshot cached by Shenlong Bot
Log in to view