VAR-202502-0188
Vulnerability from variot - Updated: 2025-04-25 01:44mySCADA myPRO Manager
is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is a professional HMI/SCADA system from mySCADA, designed for visualization and control of industrial processes.
mySCADA myPRO has an operating system command injection vulnerability that stems from improper input validation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202502-0188",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mypro",
"scope": "lt",
"trust": 1.6,
"vendor": "myscada",
"version": "1.4"
},
{
"model": "mypro",
"scope": null,
"trust": 0.8,
"vendor": "myscada",
"version": null
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": "1.4"
},
{
"model": "mypro",
"scope": "eq",
"trust": 0.8,
"vendor": "myscada",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03918"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-001992"
},
{
"db": "NVD",
"id": "CVE-2025-25067"
}
]
},
"cve": "CVE-2025-25067",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2025-03918",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2025-25067",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2025-001992",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2025-25067",
"trust": 1.0,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2025-25067",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2025-001992",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2025-03918",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03918"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-001992"
},
{
"db": "NVD",
"id": "CVE-2025-25067"
},
{
"db": "NVD",
"id": "CVE-2025-25067"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA myPRO Manager\n \nis vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. mySCADA Technologies of myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is a professional HMI/SCADA system from mySCADA, designed for visualization and control of industrial processes. \n\nmySCADA myPRO has an operating system command injection vulnerability that stems from improper input validation",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-25067"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-001992"
},
{
"db": "CNVD",
"id": "CNVD-2025-03918"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-25067",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-25-044-16",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU95120930",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2025-001992",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-03918",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03918"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-001992"
},
{
"db": "NVD",
"id": "CVE-2025-25067"
}
]
},
"id": "VAR-202502-0188",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03918"
}
],
"trust": 0.906677
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03918"
}
]
},
"last_update_date": "2025-04-25T01:44:20.473000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for mySCADA myPRO Operating System Command Injection Vulnerability (CNVD-2025-03918)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/661111"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03918"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-001992"
},
{
"db": "NVD",
"id": "CVE-2025-25067"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16"
},
{
"trust": 1.8,
"url": "https://www.myscada.org/contacts/"
},
{
"trust": 1.8,
"url": "https://www.myscada.org/downloads/myscadapromanager/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95120930/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-25067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-03918"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-001992"
},
{
"db": "NVD",
"id": "CVE-2025-25067"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-03918"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-001992"
},
{
"db": "NVD",
"id": "CVE-2025-25067"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-03918"
},
{
"date": "2025-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-001992"
},
{
"date": "2025-02-13T22:15:12.780000",
"db": "NVD",
"id": "CVE-2025-25067"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-03918"
},
{
"date": "2025-03-05T07:03:00",
"db": "JVNDB",
"id": "JVNDB-2025-001992"
},
{
"date": "2025-04-23T18:45:35.860000",
"db": "NVD",
"id": "CVE-2025-25067"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "mySCADA\u00a0Technologies\u00a0 of \u00a0myPRO\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-001992"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…