Sign-up

ID

VAR-202502-0191


CVE

CVE-2025-23411


TITLE

mySCADA Technologies  of  myPRO  Cross-site request forgery vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2025-001962

DESCRIPTION

mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website. mySCADA myPRO is a professional HMI/SCADA system from mySCADA, designed for visualization and control of industrial processes

Trust: 2.16

sources: NVD: CVE-2025-23411 // JVNDB: JVNDB-2025-001962 // CNVD: CNVD-2025-03920

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-03920

AFFECTED PRODUCTS

vendor:myscadamodel:myproscope:ltversion:1.4

Trust: 1.6

vendor:myscadamodel:myproscope: - version: -

Trust: 0.8

vendor:myscadamodel:myproscope:eqversion:1.4

Trust: 0.8

vendor:myscadamodel:myproscope:eqversion: -

Trust: 0.8

sources: CNVD: CNVD-2025-03920 // JVNDB: JVNDB-2025-001962 // NVD: CVE-2025-23411

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2025-23411
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2025-23411
value: MEDIUM

Trust: 1.0

NVD: CVE-2025-23411
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-03920
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-03920
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ics-cert@hq.dhs.gov: CVE-2025-23411
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-23411
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2025-23411
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-03920 // JVNDB: JVNDB-2025-001962 // NVD: CVE-2025-23411 // NVD: CVE-2025-23411

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.0

problemtype:Cross-site request forgery (CWE-352) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-001962 // NVD: CVE-2025-23411

PATCH

title:Patch for mySCADA myPRO Cross-Site Request Forgery Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/661121

Trust: 0.6

sources: CNVD: CNVD-2025-03920

EXTERNAL IDS

db:NVDid:CVE-2025-23411

Trust: 3.2

db:ICS CERTid:ICSA-25-044-16

Trust: 2.4

db:JVNid:JVNVU95120930

Trust: 0.8

db:JVNDBid:JVNDB-2025-001962

Trust: 0.8

db:CNVDid:CNVD-2025-03920

Trust: 0.6

sources: CNVD: CNVD-2025-03920 // JVNDB: JVNDB-2025-001962 // NVD: CVE-2025-23411

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16

Trust: 2.4

url:https://www.myscada.org/contacts/

Trust: 1.8

url:https://www.myscada.org/downloads/myscadapromanager/

Trust: 1.8

url:https://jvn.jp/vu/jvnvu95120930/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-23411

Trust: 0.8

sources: CNVD: CNVD-2025-03920 // JVNDB: JVNDB-2025-001962 // NVD: CVE-2025-23411

SOURCES

db:CNVDid:CNVD-2025-03920
db:JVNDBid:JVNDB-2025-001962
db:NVDid:CVE-2025-23411

LAST UPDATE DATE

2025-03-06T23:11:03.311000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-03920date:2025-02-27T00:00:00
db:JVNDBid:JVNDB-2025-001962date:2025-03-05T06:25:00
db:NVDid:CVE-2025-23411date:2025-03-04T20:59:05.417

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-03920date:2025-02-27T00:00:00
db:JVNDBid:JVNDB-2025-001962date:2025-03-05T00:00:00
db:NVDid:CVE-2025-23411date:2025-02-13T22:15:11.913