CVE-2023-28384

HIGH

mySCADA MyPRO Authenticated Command Injection (CVE-2023-28384)

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-28384. PoCs published by Michael Heinzl, including Metasploit module exploits/windows/scada/mypro_cmdexe.

AI-analyzed exploit summary This Metasploit module exploits an authenticated command injection vulnerability in mySCADA MyPRO <= v8.28.0 (CVE-2023-28384). It authenticates with provided credentials, checks the target version, and injects arbitrary commands via a malformed JSON payload in the 'sendEmail' function.

Description

mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands.

Exploits (1)

metasploit WORKING POC EXCELLENT
by Michael Heinzl · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/mypro_cmdexe.rb

This Metasploit module exploits an authenticated command injection vulnerability in mySCADA MyPRO <= v8.28.0 (CVE-2023-28384). It authenticates with provided credentials, checks the target version, and injects arbitrary commands via a malformed JSON payload in the 'sendEmail' function.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: mySCADA MyPRO <= v8.28.0
Auth required
Prerequisites: Valid credentials for MyPRO web interface · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-096-06

Scores

CVSS v3 8.8
EPSS 0.4481
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (1)
myscada/mypro < 8.26.0
Published Apr 27, 2023
Tracked Since Feb 18, 2026