Cyber Posture

CVE-2025-22896

High

Published: 13 February 2025

Published
13 February 2025
Modified
04 March 2025
KEV Added
Patch
CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score 0.3324 96.9th percentile
Risk Priority 37 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-22896 is a high-severity Cleartext Storage of Sensitive Information (CWE-312) vulnerability in Myscada Mypro. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked in the top 3.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-28 (Protection of Information at Rest).

Threat & Defense at a Glance

What attackers do: exploitation maps to Credentials In Files (T1552.001). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-5 Authenticator Management good match
prevent

IA-5 requires protecting authenticator content from unauthorized disclosure and modification, directly preventing cleartext storage of credentials.

SC-28 Protection of Information at Rest good match
prevent

SC-28 mandates cryptographic mechanisms to protect sensitive information at rest, comprehensively mitigating cleartext credential storage.

SI-2 Flaw Remediation good match
prevent

SI-2 ensures timely identification, reporting, and correction of system flaws like cleartext credential storage vulnerabilities.

MITRE ATT&CK Enterprise TechniquesAI

T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
attack.mitre.org →
Why these techniques?

The vulnerability involves cleartext storage of credentials (CWE-312), directly enabling extraction of unsecured credentials from files without additional protections or complexity.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.

Deeper analysisAI

CVE-2025-22896 is a vulnerability in mySCADA myPRO Manager, published on 2025-02-13, where the software stores credentials in cleartext. This issue, linked to CWE-312 (Cleartext Storage of Sensitive Information), carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N), reflecting high severity primarily due to the risk of sensitive information disclosure.

The vulnerability can be exploited by any unauthenticated attacker with network access to the affected system, requiring low complexity and no user interaction. Exploitation enables the attacker to access and extract credentials stored in cleartext, resulting in high-impact confidentiality loss across the scoped impact.

Mitigation details are available in the CISA ICS advisory ICSA-25-044-16 at https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16, along with mySCADA contacts at https://www.myscada.org/contacts/ and downloads at https://www.myscada.org/downloads/mySCADAPROManager/.

Details

CWE(s)
CWE-312

Affected Products

myscada
mypro
≤ 1.4

CVEs Like This One

CVE-2025-24865Same product: Myscada Mypro
CVE-2025-25067Same product: Myscada Mypro
CVE-2025-26495Shared CWE-312
CVE-2025-12774Shared CWE-312
CVE-2024-55027Shared CWE-312
CVE-2024-23942Shared CWE-312
CVE-2025-34216Shared CWE-312
CVE-2025-25758Shared CWE-312
CVE-2026-34833Shared CWE-312
CVE-2024-55928Shared CWE-312

References