Critical Flaws Fixed in MYPRO by Developers

MyScada MyPro Software Vulnerability Discovered

In a recent discovery, a critical vulnerability has been found in the MyPro software developed by Czech company MyScada. This software is used to automate industrial processes and the vulnerability allows remote attackers to gain complete control over the system without authorization.

MyPro serves as a human-machine interface (HMI) and a supervisory control and data acquisition (SCADA) system. It is designed to visualize and manage production processes and runs on Windows, macOS, and Linux, on servers, PCs, and embedded devices.

The detected vulnerabilities affect the Manager and Runtime components of the software, enabling attackers to execute arbitrary commands with elevated privileges, bypass authentication, and defeat other security controls. Four of the five vulnerabilities have been classified as critical, while one is rated high severity.

Exploiting these vulnerabilities allows unauthorized remote attackers to gain administrative access and compromise both the MyPro software and the underlying operating system. The vulnerable service remains active on all network interfaces by default, posing an increased risk to operations.

The vulnerabilities were identified in July and August 2024, prompting MyScada to release updates to address the issues. Users are advised to install MyPro Manager version 1.3 and MyPro Runtime version 9.2.1 to mitigate the risks associated with these vulnerabilities.

While several instances of MyScada software are reachable online, it is unclear which of them are exposed to the identified vulnerabilities. The level of risk depends on the specific configuration of the system being used.

As of the publication of the notice by CISA, there have been no reports of incidents involving the exploitation of these vulnerabilities. Users are urged to update their MyPro software to the latest versions to ensure their systems are secure.
