Cybersecurity researchers have disclosed particulars of two essential flaws impacting mySCADA myPRO, a Supervisory Management and Data Acquisition (SCADA) system utilized in operational know-how (OT) environments, that would permit malicious actors to take management of vulnerable techniques.
“These vulnerabilities, if exploited, might grant unauthorized entry to industrial management networks, doubtlessly resulting in extreme operational disruptions and monetary losses,” Swiss security firm PRODAFT stated.
The checklist of shortcomings, each rated 9.3 on the CVSS v4 scoring system, are beneath –
- CVE-2025-20014 – An working system command injection vulnerability that would allow an attacker to execute arbitrary instructions on the affected system through specifically crafted POST requests containing a model parameter
- CVE-2025-20061 – An working system command injection vulnerability that would allow an attacker to execute arbitrary instructions on the affected system through specifically crafted POST requests containing an e-mail parameter
Profitable exploitation of both of the 2 flaws might allow an attacker to inject system instructions and execute arbitrary code. The problems have been addressed within the following variations –
- mySCADA PRO Supervisor 1.3
- mySCADA PRO Runtime 9.2.1
Based on PRODAFT, each vulnerabilities stem from a failure to sanitize person inputs, thereby opening the door to a command injection.
“These vulnerabilities spotlight the persistent security dangers in SCADA techniques and the necessity for stronger defenses,” the corporate stated. “Exploitation might result in operational disruptions, monetary losses, and security hazards.”
Organizations are really useful to use the newest patches, implement community segmentation by isolating SCADA techniques from IT networks, implement robust authentication, and monitor for suspicious exercise.
