CVE-2025-24865

CRITICAL

mySCADA myPRO Manager - Info Disclosure

Title source: llm

Description

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.

Exploits (1)

metasploit WORKING POC

by Michael Heinzl · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/scada/mypro_mgr_creds.rb

View Code ZIP pw:eip

References (3)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16

[Product] https://www.myscada.org/contacts/

[Product] https://www.myscada.org/downloads/mySCADAPROManager/

Scores

CVSS v3 10.0

EPSS 0.6723

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (1)

myscada/mypro < 1.4

Published Feb 13, 2025

Tracked Since Feb 18, 2026