Cleartext Credential Exposure in myPRO Manager by mySCADA
CVE-2025-22896

9.2CRITICAL

Key Information:

Vendor: Myscada
Status: Mypro Manager
Vendor: CVE Published:; 13 February 2025

Summary

The myPRO Manager software by mySCADA has been identified as vulnerable due to its practice of storing user credentials in cleartext. This significant oversight can potentially enable malicious actors to harvest sensitive information without the need for sophisticated hacking techniques, increasing the risk for users of this product.

Affected Version(s)

myPRO Manager 0 < 1.4

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-0...

https://www.myscada.org/downloads/mySCADAPROManager/

https://www.myscada.org/contacts/

EPSS Score

31% chance of being exploited in the next 30 days.

CVSS V4

Score:

9.2

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Feb 11, 2025

Credit

Michael Heinzl reported these vulnerabilities to CISA.