CVE-2025-23411 MEDIUM

CVE-2025-23411: mySCADA myPRO Manager Cross-Site Request Forgery

Vendor Myscada
Product myPRO Manager
Weakness CWE-352 · CSRF
Published February 13, 2025
Last update February 14, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website.

Key dates

02Disclosure timeline

February 13, 2025 CVE published
February 14, 2025 Record updated