Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place. Commercial Alternative to JupyterHub.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place. Commercial Alternative to JupyterHub.
Path: blob/master/documentation/modules/auxiliary/admin/scada/mypro_mgr_creds.md
Views: 18093
Vulnerable Application
Vulnerability Description
This module exploits two vulnerabilities (CVE-2025-24865 & CVE-2025-22896) in mySCADA MyPRO Manager <= v1.3 to retrieve the configured credentials for the mail server.
The administrative web interface has certain features where credentials are required to be accessed, but the implementation is flawed, allowing to bypass the requirement. Other important administrative features do not require credentials at all, allowing an unauthenticated remote attacker to perform privileged actions. These issues are tracked through CVE-2025-24865. Another vulnerability, tracked through CVE-2025-22896, is related to the cleartext storage of various credentials by the application.
One way how these issues can be exploited is to allow an unauthenticated remote attacker to retrieve the cleartext credentials of the mail server that is configured by the product, which this module does.
Versions <= 1.3 are affected. CISA published ICSA-25-044-16 to cover the security issues.
Vulnerable Application Installation
A trial version of the software can be obtained from the vendor.
Successfully tested on
mySCADA MyPRO Manager 1.3 on Windows 11 (22H2)
Verification Steps
Install the application
After installation, reboot the system and wait some time until a runtime (e.g., 9.2.1) has been fetched and installed.
Start
msfconsoleand run the following commands:
Scenarios
Running the module against MyPRO Manager v1.3 on Windows 11, should result in an output similar to the following: