CVE-2025-24865
Published 2025-02-13
Priority: P2 (72) · Critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 6.82% (93.2nd percentile)
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication, which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myscada | mypro | < 1.4 | 1.4 |
| myscada | mypro_manager | < 1.4 | 1.4 |
Detection & IOCs (extracted from sources)
- The administrative web interface of mySCADA myPRO Manager (versions prior to 1.4) is accessible without authentication — monitor for unauthenticated HTTP requests to the administrative web interface, particularly to the notification configuration page which returns cleartext credentials
- The notification/configuration endpoint returns cleartext credentials without verifying authentication — detect unauthenticated GET/POST requests to the notification configuration page of myPRO Manager
- A Metasploit auxiliary module exists for credential harvesting against mySCADA myPRO Manager — watch for exploitation tool signatures matching 'mypro_mgr_creds' module activity
- Affected product is myPRO Manager versions prior to 1.4 — flag any internet-exposed instances of this product version in asset inventory
- No known public exploitation specifically targeting these vulnerabilities had been reported to CISA at the time of advisory publication (February 13, 2025)
- The vulnerability is exploitable remotely with low attack complexity and no authentication required — network-level controls (firewall, VPN isolation) are the primary compensating control until patching to v1.4
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v4.0: 10.0 CRITICAL — CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA ICS
mySCADA myPRO Manager (cisa_ics · 2025-02-13 · CVSS 10.0)
[CRITICAL] mySCADA myPRO Manager
ICS Advisory
## mySCADA myPRO Manager
Release Date: February 13, 2025
Alert Code: ICSA-25-044-16
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: mySCADA
- Equipment: myPRO Manager
- Vulnerabilities: OS Command Injection, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information, Cross-Site Request Forgery (CSRF)
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary OS commands, upload files, and obtain sensitive information without providing associated credentials.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
GHSA
GHSA-5vm2-873v-mw7w (ghsa_unreviewed · 2025-02-14)
CVE-2025-24865 [CRITICAL] CWE-306
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication, which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
No detection rules found.
No writeups or analysis indexed.
Published: 2025-02-13