CVE-2025-24865
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
The administrative web interface of mySCADA myPRO Manager
can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| mySCADA | myPRO Manager | 0 < 1.4 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16
- https://www.myscada.org/downloads/mySCADAPROManager/
- https://www.myscada.org/contacts/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.