Contact us

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries

Services

Services

Take me to HPE.com

HTTP: mySCADA myPRO dataFromViewScripts Command Injection

This signature detects attempts to exploit a known vulnerability against mySCADA myPRO. A successful attack can lead to arbitrary code execution.

Extended Description

An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.

Affected Products

Myscada mypro

References

CVE: CVE-2023-28384

URL: https://www.myscada.org/changelog/?section=version-8-28-0 https://www.myscada.org/changelog/?section=version-8-29-0 https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06

Short Name

HTTP:CTS:MYSCADA-MYPRO-RCE

Severity

Major

Recommended

True

Recommended Action

Drop

Category

HTTP

Keywords

CVE-2022-2234 CVE-2023-28384 CVE-2023-28400 CVE-2023-28716 Command Injection dataFromViewScripts myPRO mySCADA

Release Date

10/10/2022

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version

3643

False Positive

Unknown

Vendors

Myscada