PatchSiren cyber security CVE debrief
CVE-2025-22896 mySCADA CVE debrief
CVE-2025-22896 is a publicly disclosed issue in mySCADA myPRO Manager, published by CISA on 2025-02-13. The affected product stores credentials in cleartext, which can expose sensitive information to anyone who can access the stored data or system state. CISA lists affected versions as mySCADA myPRO Manager < 1.4 and recommends updating to version 1.4.
- Vendor
- mySCADA
- Product
- myPRO Manager
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-02-13
- Original CVE updated
- 2025-02-13
- Advisory published
- 2025-02-13
- Advisory updated
- 2025-02-13
Who should care
Organizations using mySCADA myPRO Manager, especially industrial control systems and OT teams that rely on this software, should review their deployments immediately. Security teams responsible for credential protection, system hardening, and vendor patch management should treat this as a priority because exposed credentials can undermine broader access controls.
Technical summary
The CSAF advisory states that mySCADA myPRO Manager stores credentials in cleartext. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, yielding a high-severity score of 8.6. The primary impact is confidentiality loss: credentials can be disclosed if an attacker can access the affected storage or system context. CISA identifies mySCADA myPRO Manager versions before 1.4 as affected and directs users to upgrade to v1.4.
Defensive priority
High. Cleartext credential storage is a direct secrets-exposure weakness and can enable follow-on compromise if those credentials are reused elsewhere. Because the issue is published by CISA and affects an OT-related product, remediation should be prioritized even though no KEV listing is provided.
Recommended defensive actions
- Upgrade mySCADA myPRO Manager to version 1.4 or later using the vendor's published download path.
- Inventory all installations of mySCADA myPRO Manager and confirm which versions are in use.
- Review whether any exposed or stored credentials may need to be rotated after remediation.
- Restrict access to systems and files that may contain stored credentials until the upgrade is complete.
- Apply CISA industrial control system security best practices for credential management and system hardening.
- Validate that backup images, exports, and configuration files do not retain cleartext secrets.
Evidence notes
This debrief is based on the CISA CSAF advisory ICSA-25-044-16 and the associated CVE record. The advisory explicitly states that the affected product stores credentials in cleartext and lists mySCADA myPRO Manager < 1.4 as the affected range. The vendor remediation in the advisory is to update to myPRO Manager v1.4. No KEV entry or ransomware-campaign linkage was provided in the supplied corpus.
Official resources
-
CVE-2025-22896 CVE record
CVE.org
-
CVE-2025-22896 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed by CISA on 2025-02-13 (initial publication of ICSA-25-044-16). The supplied corpus does not indicate a KEV listing.