Myscada Mypro Manager vulnerabilities
11 known vulnerabilities affecting myscada/mypro_manager.
Total CVEs: 11
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2024-47407 | P1 | CRITICAL | CVSS 10.0 | CWE-78 | PoC | fixed in 1.3 | 2024-11-22
A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
nvd
CVE-2025-24865 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | PoC | fixed in 1.4 | 2025-02-13
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
nvd
CVE-2024-52034 | P2 | CRITICAL | CVSS 10.0 | CWE-78 | fixed in 1.3 | 2024-11-22
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
nvd
CVE-2025-22896 | P3 | HIGH | CVSS 7.5 | CWE-312 | PoC | fixed in 1.4 | 2025-02-13
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
nvd
CVE-2025-25067 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 1.4 | 2025-02-13
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
nvd
CVE-2025-20061 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 1.3 | 2025-01-29
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.
nvd
CVE-2025-20014 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | fixed in 1.3 | 2025-01-29
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.
nvd
CVE-2024-47138 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in 1.3 | 2024-11-22
The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.
nvd
CVE-2024-45369 | P3 | HIGH | CVSS 8.1 | CWE-287 | fixed in 1.3 | 2024-11-22
The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource.
nvd
CVE-2024-50054 | P3 | HIGH | CVSS 7.5 | CWE-35 | fixed in 1.3 | 2024-11-22
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.
nvd
CVE-2025-23411 | P4 | MEDIUM | CVSS 6.5 | CWE-352 | fixed in 1.4 | 2025-02-13
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim into visiting an attacker-controlled website.
nvd