CVE-2025-25067

Critical CVSS: 9.3

mySCADA myPRO Manager

is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.

Vendor

Product

CWE

Yayın Tarihi

2025-02-13 22:15:12

Güncelleme

2025-04-23 18:45:35

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

CWE-78 Mypro CRITICAL Myscada 2025

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16 https://www.myscada.org/contacts/ https://www.myscada.org/downloads/mySCADAPROManager/

Critical

CVE-2025-24865

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an…

Critical

CVE-2025-22896

mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.

Medium

CVE-2025-23411

mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sens…