POC详情: 7ff851f5527575c43ad37f1057f2bac8ca3d88c5

来源
https://github.com/wilguard/CVE-2024-47138
关联漏洞
标题: mySCADA myPRO 访问控制错误漏洞 (CVE-2024-47138)
描述:mySCADA myPRO是mySCADA公司的一个专业的 HMI/SCADA 系统,主要设计用于工业过程的可视化和控制。 mySCADA myPRO存在访问控制错误漏洞,该漏洞源于管理界面默认监听TCP端口上的所有接口,访问时无需身份验证。
描述
CVE-2024-47138: Missing Authentication for Critical Function (CWE-306)
介绍
# CVE-2024-47138: Missing Authentication for Critical Function (CWE-306)


## Overview

The security vulnerability identified as CVE-2024-47138 affects mySCADA’s myPRO Manager and Runtime. This vulnerability is critical, with a CVSS 3.1 base score of 9.8, indicative of its severe potential impact on systems utilizing these products. The issue arises from the administrative interface, which, by default, listens on all interfaces over a TCP port without necessitating authentication. This weakness can be exploited to gain unauthorized access, resulting in severe confidentiality, integrity, and availability impact.


## Details
+ **CVE ID:** CVE-2024-47138
+ **Published:** 2024-11-22
+ **Impact:** Critical
+ **Exploit Availability:** Not public, only private.
+ **CVSS:3.1:** 9.8


## Vulnerability Description

The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.


## Affected Versions

| **mySCADA products**     | Affected Versions           |
|---------------------|----------------------------------|
| myPRO Manager  | Versions prior to 1.3                 |
| myPRO Runtime  | Versions prior to 9.2.1               |


## Usage
```
python CVE-2024-47138.py -h 10.10.10.10 -c 'uname -a'
```

## Contact
For inquiries, please contact wilguard@thesecure.biz

## Exploit
**[Download](https://bit.ly/3DL2UW8)**
文件快照

 [4.0K]  /data/pocs/7ff851f5527575c43ad37f1057f2bac8ca3d88c5
└── [1.4K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。