cvebase

mySCADA myPRO Manager vulnerabilities

11 known vulnerabilities affecting myscada/mypro_manager.

Total CVEs: 11
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 3, MEDIUM 1

Vulnerabilities

CVE-2024-47407 | P1 | CRITICAL | CVSS 10.0 | PoC | fixed in 1.3 | 2024-11-22
CVE-2024-47407 [CRITICAL] CWE-78: A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
Source: NVD
CVE-2025-24865 | P2 | CRITICAL | CVSS 9.8 | PoC | fixed in 1.4 | 2025-02-13
CVE-2025-24865 [CRITICAL] CWE-306: The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
Source: NVD
CVE-2024-52034 | P2 | CRITICAL | CVSS 10.0 | fixed in 1.3 | 2024-11-22
CVE-2024-52034 [CRITICAL] CWE-78: An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
Source: NVD
CVE-2025-22896 | P3 | HIGH | CVSS 7.5 | PoC | fixed in 1.4 | 2025-02-13
CVE-2025-22896 [HIGH] CWE-312: mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
Source: NVD
CVE-2025-25067 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.4 | 2025-02-13
CVE-2025-25067 [CRITICAL] CWE-78: mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
Source: NVD
CVE-2025-20061 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.3 | 2025-01-29
CVE-2025-20061 [CRITICAL] CWE-78: mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.
Source: NVD
CVE-2025-20014 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.3 | 2025-01-29
CVE-2025-20014 [CRITICAL] CWE-78: mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.
Source: NVD
CVE-2024-47138 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.3 | 2024-11-22
CVE-2024-47138 [CRITICAL] CWE-306: The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed.
Source: NVD
CVE-2024-45369 | P3 | HIGH | CVSS 8.1 | fixed in 1.3 | 2024-11-22
CVE-2024-45369 [HIGH] CWE-287: The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource.
Source: NVD
CVE-2024-50054 | P3 | HIGH | CVSS 7.5 | fixed in 1.3 | 2024-11-22
CVE-2024-50054 [HIGH] CWE-35: The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system.
Source: NVD
CVE-2025-23411 | P4 | MEDIUM | CVSS 6.5 | fixed in 1.4 | 2025-02-13
CVE-2025-23411 [MEDIUM] CWE-352: mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim into visiting an attacker-controlled website.
Source: NVD