Unsecured Administrative Interface in mySCADA myPRO Manager
CVE-2025-24865

10CRITICAL

Key Information:

Vendor: Myscada
Status: Mypro Manager
Vendor: CVE Published:; 13 February 2025

Summary

The mySCADA myPRO Manager is affected by a significant vulnerability that allows unauthorized access to its administrative web interface. This security flaw enables attackers to retrieve sensitive information and upload files without requiring authentication, posing serious risks to the integrity and confidentiality of the data handled by the system.

Affected Version(s)

myPRO Manager 0 < 1.4

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-0...

https://www.myscada.org/downloads/mySCADAPROManager/

https://www.myscada.org/contacts/

EPSS Score

57% chance of being exploited in the next 30 days.

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Feb 11, 2025

Credit

Michael Heinzl reported these vulnerabilities to CISA.