mySCADA myPRO Manager
11 CVEs affecting mySCADA myPRO Manager. Latest disclosed: 2025-02-13. Critical: 7, High: 3.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-24865 | Critical | 10.0 | 2025-02-13 | The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sens… |
| CVE-2024-52034 | Critical | 10.0 | 2024-11-22 | An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to injec… |
| CVE-2024-47407 | Critical | 10.0 | 2024-11-22 | A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arb… |
| CVE-2025-25067 | Critical | 9.8 | 2025-02-13 | mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. |
| CVE-2025-20061 | Critical | 9.8 | 2025-01-29 | mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker t… |
| CVE-2025-20014 | Critical | 9.8 | 2025-01-29 | mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker… |
| CVE-2024-47138 | Critical | 9.8 | 2024-11-22 | The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. |
| CVE-2025-22896 | High | 8.6 | 2025-02-13 | mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information. |
| CVE-2024-45369 | High | 8.1 | 2024-11-22 | The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource. |
| CVE-2024-50054 | High | 7.5 | 2024-11-22 | The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and… |
| CVE-2025-23411 | Medium | 6.3 | 2025-02-13 | mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would ne… |