8.6 CVE-2025-22896
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
https://nvd.nist.gov/vuln/detail/CVE-2025-22896
Categories
CWE-312 : Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).

When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]

In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.

Remote Terminal Unit (RTU) uses a driver that relies on a password stored in plaintext.
Password and username stored in cleartext in a cookie.
Password stored in cleartext in a file with insecure permissions.
Chat program disables SSL in some circumstances even when the user says to use SSL.
Chain: product uses an incorrect public exponent when generating an RSA key, which effectively disables the encryption.
Storage of unencrypted passwords in a database.
Storage of unencrypted passwords in a database.
Product stores a password in cleartext in memory.
Storage of a secret key in cleartext in a temporary file.
SCADA product uses HTTP Basic Authentication, which is not encrypted.
Login credentials stored unencrypted in a registry key.
Plaintext credentials in world-readable file.
Password in cleartext in config file.
Password in cleartext in config file.
Decrypted copy of a message written to disk given a combination of options and when user replies to an encrypted message.
Plaintext storage of private key and passphrase in log file when user imports the key.
Admin password in plaintext in a cookie.
Default configuration has cleartext usernames/passwords in cookie.
Usernames/passwords in cleartext in cookies.
Authentication information stored in cleartext in a cookie.
References
ics-cert@hq.dhs.gov
https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16 | US Government Resource, Third Party Advisory |
https://www.myscada.org/contacts/ | Product |
https://www.myscada.org/downloads/mySCADAPROManager/ | Product |
CPE
cpe | start | end |
---|---|---|
Configuration 1 | ||
cpe:2.3:a:myscada:mypro:*:*:*:*:*:*:*:* | < 1.4 |
REMEDIATION
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
No known exploits |
POC Github
Url |
---|
No known exploits |
Other Nist (github, ...)
Url |
---|
No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
37 | Retrieve Embedded Sensitive Data | Very High |
MITRE
Techniques
id | description |
---|---|
T1005 | Data from Local System |
T1552.004 | Unsecured Credentials: Private Keys |
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. |
Mitigations
id | description |
---|---|
M1057 | Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted. |
M1022 | Ensure permissions are properly set on folders containing sensitive private keys to prevent unintended access. Additionally, on Cisco devices, set the `nonexportable` flag during RSA key pair generation. |