CVE-2025-24865: mySCADA myPRO Manager Missing Authentication for Critical Function

10.0 CVSS

Description

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication, which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.

Classification

CVE ID: CVE-2025-24865

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor: mySCADA

Product: myPRO Manager

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 32.76% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-14 (when this score was calculated)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16
https://www.myscada.org/downloads/mySCADAPROManager/
https://www.myscada.org/contacts/

Timeline