ID

VAR-202502-0190


CVE

CVE-2025-24865


TITLE

Vulnerability regarding lack of authentication for critical features in mySCADA Technologies myPRO

Trust: 0.8

sources: JVNDB: JVNDB-2025-001961

DESCRIPTION

The administrative web interface of mySCADA myPRO Manager can be accessed without authentication, which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password. mySCADA Technologies myPRO contains a vulnerability regarding lack of authentication for critical features. Information may be obtained or tampered with, and service operation may be interrupted (DoS). mySCADA myPRO is a professional HMI/SCADA system from mySCADA, designed for visualization and control of industrial processes. mySCADA myPRO has an access control error vulnerability that allows access to the management interface without authentication.

Trust: 2.16

sources: NVD: CVE-2025-24865 // JVNDB: JVNDB-2025-001961 // CNVD: CNVD-2025-03919

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-03919

AFFECTED PRODUCTS

vendor: myscada, model: mypro, scope: lt, version: 1.4

Trust: 1.6

vendor: myscada, model: mypro, scope: -, version: -

Trust: 0.8

vendor: myscada, model: mypro, scope: eq, version: 1.4

Trust: 0.8

vendor: myscada, model: mypro, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2025-03919 // JVNDB: JVNDB-2025-001961 // NVD: CVE-2025-24865

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2025-24865
value: CRITICAL

Trust: 1.0

nvd@nist.gov: CVE-2025-24865
value: CRITICAL

Trust: 1.0

NVD: CVE-2025-24865
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-03919
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-03919
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ics-cert@hq.dhs.gov: CVE-2025-24865
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-24865
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2025-24865
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-03919 // JVNDB: JVNDB-2025-001961 // NVD: CVE-2025-24865 // NVD: CVE-2025-24865

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.0

problemtype: Lack of authentication for critical features (CWE-306) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-001961 // NVD: CVE-2025-24865

PATCH

title: Patch for mySCADA myPRO Access Control Error Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/661116

Trust: 0.6

sources: CNVD: CNVD-2025-03919

EXTERNAL IDS

db: NVD, id: CVE-2025-24865

Trust: 3.2

db: ICS CERT, id: ICSA-25-044-16

Trust: 2.4

db: JVN, id: JVNVU95120930

Trust: 0.8

db: JVNDB, id: JVNDB-2025-001961

Trust: 0.8

db: CNVD, id: CNVD-2025-03919

Trust: 0.6

sources: CNVD: CNVD-2025-03919 // JVNDB: JVNDB-2025-001961 // NVD: CVE-2025-24865

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16

Trust: 2.4

url:https://www.myscada.org/contacts/

Trust: 1.8

url:https://www.myscada.org/downloads/myscadapromanager/

Trust: 1.8

url:https://jvn.jp/vu/jvnvu95120930/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-24865

Trust: 0.8

sources: CNVD: CNVD-2025-03919 // JVNDB: JVNDB-2025-001961 // NVD: CVE-2025-24865

SOURCES

db: CNVD, id: CNVD-2025-03919
db: JVNDB, id: JVNDB-2025-001961
db: NVD, id: CVE-2025-24865

LAST UPDATE DATE

2025-03-06T23:11:03.332000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-03919, date: 2025-02-27T00:00:00
db: JVNDB, id: JVNDB-2025-001961, date: 2025-03-05T06:25:00
db: NVD, id: CVE-2025-24865, date: 2025-03-04T20:59:05.417

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-03919, date: 2025-02-27T00:00:00
db: JVNDB, id: JVNDB-2025-001961, date: 2025-03-05T00:00:00
db: NVD, id: CVE-2025-24865, date: 2025-02-13T22:15:12.613