Vendor Products CVEs KEV Avg EPSS Worst Severity 1 11 0 76.0% CRITICAL
CVE ID Description Severity CVSS KEV EPSS Published CVE-2025-25067 mySCADA myPRO Manager
is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. CRITICAL 9.3 — 74.8% Feb 13, 2025 CVE-2025-24865 The administrative web interface of
mySCADA myPRO Manager
can be accessed without authentication
which could allow an unauthorized attacker to retrieve sensitive
information and upload files without the associated password. CRITICAL 10.0 — 93.2% Feb 13, 2025 CVE-2025-23411 mySCADA myPRO Manager
is vulnerable to cross-site request forgery (CSRF), which could allow
an attacker to obtain sensitive information. An attacker would need to
trick the victim in to visiting an attacker-controlled website. MEDIUM 5.1 — 42.3% Feb 13, 2025 CVE-2025-22896 mySCADA myPRO Manager
stores credentials in cleartext, which could allow an attacker to obtain sensitive information. CRITICAL 9.2 — 87.2% Feb 13, 2025 CVE-2023-29169 mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. HIGH 8.8 — 50.2% Apr 27, 2023 CVE-2023-29150 mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. HIGH 8.8 — 50.2% Apr 27, 2023 CVE-2023-28716 mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. HIGH 8.8 — 90.3% Apr 27, 2023 CVE-2023-28400 mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. HIGH 8.8 — 97.6% Apr 27, 2023 CVE-2023-28384 mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. HIGH 8.8 — 98.6% Apr 27, 2023 CVE-2022-2234 An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. HIGH 8.8 — — Aug 24, 2022 CVE-2022-0999 An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. HIGH 8.8 — — Apr 11, 2022