CVE-2025-22896
published 2025-02-13CVE-2025-22896: mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
PriorityP354high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
3.35%
87.2th percentile
mySCADA myPRO Manager
stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myscada | mypro | < 1.4 | 1.4 |
| myscada | mypro_manager | < 1.4 | 1.4 |
Detection & IOCsextracted from sources · hover to see the quote
- →Unauthenticated HTTP requests to the myPRO Manager notification configuration endpoint return cleartext credentials in the response body; monitor for unauthenticated GET requests to this endpoint from external/untrusted sources. ↗
- →CVE-2025-22896 is chained with CVE-2025-24865 (missing authentication); detect exploitation by alerting on unauthenticated access to the myPRO Manager administrative web interface, particularly requests that retrieve notification/credential configuration without a valid session. ↗
- →Target scope: myPRO Manager versions <= 1.3 are vulnerable; presence of version 1.3 or earlier in the environment should be treated as a high-priority finding. ↗
- ·The cleartext credential exposure (CVE-2025-22896) is only reachable because authentication is entirely missing for the notification configuration function (CVE-2025-24865); patching to v1.4 addresses both issues simultaneously. ↗
- ·A public Metasploit auxiliary module (mypro_mgr_creds.rb) exists that automates credential harvesting via CVE-2025-24865 + CVE-2025-22896, lowering the bar for exploitation significantly. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv4.09.2CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-72w4-wjvh-293c: mySCADA myPRO Manager
stores credentials in cleartext, which could allow an attacker to obtain sensitive information
ghsa_unreviewed·2025-02-14
CVE-2025-22896 [CRITICAL] CWE-312 GHSA-72w4-wjvh-293c: mySCADA myPRO Manager
stores credentials in cleartext, which could allow an attacker to obtain sensitive information
mySCADA myPRO Manager
stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
CISA ICS
mySCADA myPRO Manager
cisa_ics·2025-02-13·CVSS 10.0
[CRITICAL] mySCADA myPRO Manager
ICS Advisory
##
mySCADA myPRO Manager
Release DateFebruary 13, 2025
Alert CodeICSA-25-044-16
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: mySCADA
- Equipment: myPRO Manager
- Vulnerabilities: OS Command Injection, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information, Cross-Site Request Forgery (CSRF)
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary OS commands, upload files, and obtain sensitive information without providing associated credentials.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
No detection rules found.
No writeups or analysis indexed.
2025-02-13
Published