CVE-2025-23411

6.3 MEDIUM

📋 TL;DR

mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), allowing attackers to trick authenticated users into performing unintended actions that could expose sensitive information. This affects organizations using mySCADA myPRO Manager for industrial control system management. Attackers need to lure victims to malicious websites while they're logged into the vulnerable application.

💻 Affected Systems

Products:
  • mySCADA myPRO Manager
Versions: All versions prior to patched release
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web interface components of myPRO Manager; requires user authentication to be exploited.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker obtains administrative credentials or configuration data, potentially leading to full system compromise and operational disruption of industrial processes.

🟠 Likely Case

Attacker steals session cookies or extracts limited configuration information, enabling further reconnaissance or privilege escalation.

🟢 If Mitigated

With proper CSRF protections and network segmentation, impact is limited to information disclosure without system control.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easily weaponized; exploitation requires social engineering to lure authenticated users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific version

Vendor Advisory: https://www.myscada.org/contacts/

Restart Required: Yes

Instructions:

1. Contact mySCADA for patch information via their website.
2. Download and apply the latest version.
3. Restart the myPRO Manager service.
4. Verify CSRF protections are enabled.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add anti-CSRF tokens to all state-changing requests.

Configuration depends on the web framework; implement the synchronizer token pattern.

SameSite Cookie Attribute (applies to: all)

Set SameSite=Strict or Lax on session cookies:

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly
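The two workarounds above are usually implemented together. The following is an added illustration, not mySCADA code and not tied to any specific web framework: a minimal synchronizer-token guard that a request handler calls before any state-changing action, plus the Set-Cookie value for the session cookie. The in-memory session store, the cookie name "session" and the form field name "csrf_token" are assumptions.

```python
"""Synchronizer token pattern plus a SameSite session cookie.

Added example for illustration (not the vendor's code). Assumptions:
an in-memory session store keyed by an opaque session id, the session
cookie is named "session", and the token travels in a form field named
"csrf_token".
"""
import hmac
import secrets

# Methods that must never change state and therefore need no token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

# Server-side session store (assumption: dict keyed by session id).
SESSIONS: dict = {}


def create_session():
    """Create a session with its own random CSRF token; return (sid, token).

    The token is per session, so a cross-site page cannot know it, and it
    is only ever sent back by forms the application itself rendered.
    """
    sid = secrets.token_urlsafe(32)
    token = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": token}
    return sid, token


def session_cookie_header(sid: str) -> str:
    """Build the Set-Cookie value: SameSite keeps the browser from attaching
    the cookie to cross-site requests, Secure and HttpOnly limit exposure."""
    return f"session={sid}; SameSite=Strict; Secure; HttpOnly; Path=/"


def validate_state_change(method: str, cookies: dict, form: dict):
    """Return (allowed, reason) for an incoming request.

    Safe methods pass; every other method must carry the token that
    belongs to the session identified by the cookie.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return False, "no valid session"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so a byte-by-byte mismatch leaks no timing.
    if not submitted or not hmac.compare_digest(
        submitted.encode("utf-8"), session["csrf_token"].encode("utf-8")
    ):
        return False, "missing or invalid CSRF token"
    return True, "token verified"


if __name__ == "__main__":
    sid, token = create_session()
    print(session_cookie_header(sid))
    print(validate_state_change("POST", {"session": sid}, {"csrf_token": token}))
    print(validate_state_change("POST", {"session": sid}, {}))
```

The guard rejects a state-changing request that arrives with a valid session cookie but no token, which is exactly the shape of a request a third-party page can cause a logged-in browser to send. SameSite=Strict on the cookie is a second, independent layer: even if an endpoint is missed by the token check, the browser will not attach the session cookie to a cross-site request.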

🧯 If You Can't Patch

  • Segment network to restrict myPRO Manager access to trusted users only
  • Implement web application firewall with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Test web interface for missing CSRF tokens on POST/PUT/DELETE requests using tools like Burp Suite or OWASP ZAP

Check Version:

Check application version in web interface or configuration files

Verify Fix Applied:

Verify CSRF tokens are present and validated on all state-changing endpoints; test with crafted malicious requests

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed state-changing requests from same IP
  • Unusual parameter patterns in web logs

Network Indicators:

  • HTTP requests with missing or invalid Referer headers
  • Cross-origin requests to sensitive endpoints

SIEM Query:

source="web_logs" AND (uri="/admin/*" OR uri="/config/*") AND referer NOT CONTAINS "expected-domain.com"
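The SIEM query above expresses the Referer check in a vendor-neutral pseudo-syntax. As an added example (not part of the advisory), the block below applies the same logic offline to constructed combined-format web log lines: it flags state-changing requests to the sensitive path prefixes whose Referer is absent or from a host other than the application's own, and counts flagged requests per source IP. The log format, the "expected-domain.com" hostname and the /admin/ and /config/ prefixes are assumptions taken from the query.

```python
"""Detection pass over web-server access logs for likely CSRF traffic.

Added example, not part of the advisory. Assumptions: Apache/nginx
combined log format (with Referer and User-Agent), the application is
served from EXPECTED_HOST, and the sensitive endpoints live under the
prefixes listed in SENSITIVE_PREFIXES. Sample lines are constructed.
"""
import re
from collections import Counter
from typing import Optional
from urllib.parse import urlsplit

EXPECTED_HOST = "expected-domain.com"          # assumption: the app's own hostname
SENSITIVE_PREFIXES = ("/admin/", "/config/")   # from the SIEM query above
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

# combined log: ip ident user [time] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - admin [10/Oct/2025:12:00:01 +0000] "POST /config/users HTTP/1.1" 200 512 "https://expected-domain.com/config/users" "Mozilla/5.0"
203.0.113.5 - admin [10/Oct/2025:12:00:07 +0000] "POST /config/users HTTP/1.1" 200 512 "https://third-party.example/page.html" "Mozilla/5.0"
203.0.113.5 - admin [10/Oct/2025:12:00:09 +0000] "POST /admin/export HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2025:12:00:11 +0000] "GET /admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - admin [10/Oct/2025:12:00:15 +0000] "GET /static/app.js HTTP/1.1" 200 1200 "https://expected-domain.com/" "Mozilla/5.0"
"""


def referer_host(referer: str) -> Optional[str]:
    """Hostname from a Referer value, or None when the field is empty or '-'."""
    if not referer or referer == "-":
        return None
    return urlsplit(referer).hostname


def suspicious_requests(log_text: str) -> list:
    """Return state-changing requests to sensitive paths with a missing or
    cross-origin Referer, each as a dict with ip, method, path and reason."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        if m["method"] not in STATE_CHANGING:
            continue
        if not m["path"].startswith(SENSITIVE_PREFIXES):
            continue
        host = referer_host(m["referer"])
        if host is None:
            reason = "missing Referer"
        elif host != EXPECTED_HOST and not host.endswith("." + EXPECTED_HOST):
            reason = f"cross-origin Referer {host}"
        else:
            continue  # same-origin request, nothing to flag
        hits.append({"ip": m["ip"], "method": m["method"],
                     "path": m["path"], "reason": reason})
    return hits


def ips_over_threshold(hits: list, threshold: int = 2) -> list:
    """Source IPs with at least `threshold` flagged requests (the
    "multiple state-changing requests from same IP" indicator)."""
    counts = Counter(h["ip"] for h in hits)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    found = suspicious_requests(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print("repeat offenders:", ips_over_threshold(found))
```

Treat a missing Referer as a weak signal rather than proof: browsers with strict referrer policies and some proxies strip the header on legitimate requests, so the per-IP count and the path filter are what keep this from paging on noise. Where the server logs the Origin header it is the better field to key on, since browsers always send it on cross-site POSTs and it cannot be suppressed by referrer policy.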
