CVE-2025-22896
HIGHmySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
Title source: metasploitDescription
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
Exploits (1)
metasploit
WORKING POC
by Michael Heinzl · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/scada/mypro_mgr_creds.rb
Scores
CVSS v3
8.6
EPSS
0.3324
EPSS Percentile
96.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (1)
myscada/mypro
< 1.4
Published
Feb 13, 2025
Tracked Since
Feb 18, 2026