PatchSiren

mySCADA CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM mySCADA CVE published 2025-02-13

CVE-2025-23411

CVE-2025-23411 affects mySCADA myPRO Manager versions before 1.4. CISA’s advisory describes a cross-site request forgery (CSRF) issue that could allow an attacker to obtain sensitive information after tricking a victim into visiting an attacker-controlled website. The provided data lists the issue as MEDIUM severity (CVSS 6.3) and shows no CISA KEV entry.

HIGH mySCADA CVE published 2025-02-13

CVE-2025-22896

CVE-2025-22896 is a publicly disclosed issue in mySCADA myPRO Manager, published by CISA on 2025-02-13. The affected product stores credentials in cleartext, which can expose sensitive information to anyone who can access the stored data or system state. CISA lists affected versions as mySCADA myPRO Manager < 1.4 and recommends updating to version 1.4.

CRITICAL mySCADA CVE published 2025-01-23

CVE-2025-20061

A critical command injection vulnerability in mySCADA myPRO Manager and myPRO Runtime allows unauthenticated remote attackers to execute arbitrary commands on affected systems. The flaw stems from improper neutralization of POST requests containing email information sent to a specific port. With a CVSS 3.1 score of 9.8, this vulnerability presents severe risk to industrial control environments due to its [truncated]

CRITICAL mySCADA CVE published 2025-01-23

CVE-2025-20014

A critical command injection vulnerability in mySCADA myPRO Manager and myPRO Runtime allows unauthenticated remote attackers to execute arbitrary commands via crafted POST requests to a specific port. The vulnerability stems from improper neutralization of version information in POST requests, enabling network-based exploitation without authentication. Affected versions include myPRO Manager prior to 1.3 [truncated]

CRITICAL mySCADA CVE published 2024-11-21

CVE-2024-52034

A critical OS command injection vulnerability in mySCADA myPRO Manager allows unauthenticated remote attackers to execute arbitrary operating system commands. The vulnerability, published by CISA on November 21, 2024, carries a CVSS 3.1 score of 10.0 (Critical) with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The scope is changed, with high impact [truncated]

HIGH mySCADA CVE published 2024-11-21

CVE-2024-50054

A path traversal vulnerability in mySCADA myPRO Manager and myPRO Runtime allows unauthenticated remote attackers to retrieve arbitrary files from the underlying file system. The backend fails to sufficiently validate a user-controlled filename parameter, enabling directory traversal sequences to escape intended access boundaries. This vulnerability affects myPRO Manager versions prior to 1.3 and myPRO Ru [truncated]

CRITICAL mySCADA CVE published 2024-11-21

CVE-2024-47407

A critical unauthenticated remote command injection vulnerability exists in mySCADA myPRO Manager and myPRO Runtime. The flaw stems from improper input validation on a parameter within a command, allowing unauthenticated remote attackers to inject arbitrary operating system commands. The vulnerability carries a CVSS 3.1 score of 10.0 (Critical), indicating network-based attack vector with low complexity, [truncated]

CRITICAL mySCADA CVE published 2024-11-21

CVE-2024-47138

A critical vulnerability in mySCADA myPRO Manager and myPRO Runtime exposes administrative interfaces without authentication by default. The administrative interface listens on all network interfaces on a TCP port and does not require authentication for access, allowing unauthenticated remote attackers to gain full administrative control over affected systems. This vulnerability affects myPRO Manager vers [truncated]

HIGH mySCADA CVE published 2024-11-21

CVE-2024-45369

CVE-2024-45369 is a HIGH severity vulnerability (CVSS 8.1) in mySCADA myPRO Manager and myPRO Runtime, published by CISA on November 21, 2024. The vulnerability stems from a weak authentication mechanism in the web application that fails to properly verify requests originate from authenticated and authorized resources. This authentication weakness could allow attackers to bypass security controls and perf [truncated]

CRITICAL mySCADA CVE published 2024-07-02

CVE-2024-4708

A critical vulnerability in mySCADA myPRO industrial control system software allows remote code execution via a hard-coded password. The flaw affects versions prior to 8.31.0 and was disclosed by CISA on July 2, 2024. The vendor has released a patched version.