CVE-2025-35941
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-11

Last updated on: 2025-06-12

Assigner: Tenable Network Security, Inc.

Description
A password is exposed locally.
Meta Information

Published: 2025-06-11

Last Modified: 2025-06-12

Generated: 2026-05-07

AI Q&A: 2025-06-11

EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-522

Description: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-35941 is a vulnerability in mySCADA PRO Manager that allows a password to be exposed locally on the affected system. It requires an attacker to have local access with low privileges and does not require user interaction. The vulnerability leads to a high confidentiality impact by disclosing a password, but it does not affect the integrity or availability of the system. [1]


How can this vulnerability impact me?

This vulnerability can impact you by exposing a local password on your system, which could lead to unauthorized access to sensitive information or systems if an attacker gains local access. Although it does not affect system integrity or availability, the confidentiality breach poses a medium risk. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include ensuring that only trusted users have local access to systems running mySCADA PRO Manager, as the vulnerability requires local access with low privileges. Users should update to version 1.4 of mySCADA PRO Manager, which addresses the first disclosed issue, while being aware that a second related bug remains unfixed as of the latest update. Monitoring for official patches or fixes expected by September 2025 is recommended. Additionally, restrict local access and review user privileges to minimize exposure. [1]

