CVE-2025-24865

Critical CVSS: 10.0

The administrative web interface of
mySCADA myPRO Manager

can be accessed without authentication
which could allow an unauthorized attacker to retrieve sensitive
information and upload files without the associated password.

Vendor

Myscada

Product

Mypro

CWE

CWE-306

Yayın Tarihi

2025-02-13 22:15:12

Güncelleme

2025-03-04 21:16:29

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-306 Mypro CRITICAL Myscada 2025

Referanslar

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16 https://www.myscada.org/contacts/ https://www.myscada.org/downloads/mySCADAPROManager/

Benzer Kayıtlar

Critical

CVE-2025-25067

mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrar…

Critical

CVE-2025-22896

mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.

Medium

CVE-2025-23411

mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sens…