Supervisory Control and Data Acquisition (SCADA) systems play a pivotal role in managing critical infrastructure across sectors such as energy, manufacturing, and more.
However, this digital transformation also brings with it a heightened exposure to cyber threats.
Recent research by our security team at PRODAFT has identified critical vulnerabilities in mySCADA myPRO, a widely used SCADA management solution whose vendor is headquartered in the Czech Republic.
If exploited, these vulnerabilities could compromise industrial control systems, leading to significant operational disruptions and financial losses.
The identified vulnerabilities are detailed in the table below:
| Vulnerability | CVE | CVSS Score | Affected Products |
|---|---|---|---|
| mySCADA myPRO Manager OS Command Injection via Email Parameter | CVE-2025-20061 | 9.8 (CVSS v3.1), 9.3 (CVSS v4) | myPRO Manager – versions prior to 1.3 |
| mySCADA myPRO Manager OS Command Injection via Version Parameter | CVE-2025-20014 | 9.8 (CVSS v3.1), 9.3 (CVSS v4) | myPRO Manager – versions prior to 1.3 |
Vulnerability Details
These vulnerabilities exist because the myPRO Manager application does not properly sanitize user input.
An attacker can exploit these weaknesses by sending specially crafted POST requests containing either the email or the version parameter to a specific port.
Once processed, these requests can inject operating system commands, resulting in Remote Command Execution (RCE), which allows attackers to execute arbitrary code on the system.
CVE-2025-20061 Details:
- Impact: Remote Command Execution (RCE)
- CVSS v3.1 Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVSS v4 Score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
CVE-2025-20014 Details:
- Impact: Remote Command Execution (RCE)
- CVSS v3.1 Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CVSS v4 Score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
Both vulnerabilities are classified under CWE-78, reflecting the application's failure to properly neutralize special elements used in OS commands.
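The CWE-78 pattern described above is a request parameter reaching a shell command string unchanged. The following Python is an added illustration written for this page, not code from mySCADA or PRODAFT, and it does not reflect how myPRO Manager is implemented: it shows the two defensive controls that close this class of bug for an email and a version parameter, a strict allowlist check on each value and building the child-process command as an argv list instead of a shell string. The `mail` command, the `notify_argv` and `send_notification` names, and the injectable `runner` hook are assumptions made for the example.

```python
import re
import subprocess
from typing import Callable, Optional, Sequence

# Allowlist for the email parameter. Deliberately conservative (a subset of
# RFC 5322 addr-spec): every accepted character is alphanumeric or one of
# . _ % + - @, so no shell metacharacter (; | & $ ` quotes, redirects,
# newlines) can survive. The first character is also forbidden from being
# "-" so an accepted value can never be read as a command-line option by the
# program it is passed to (argument injection, the cousin of CWE-78).
EMAIL_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._%+-]{0,63}@[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Allowlist for the version parameter: one to four dotted numeric components.
VERSION_RE = re.compile(r"\d{1,5}(\.\d{1,5}){0,3}")


class ParameterRejected(ValueError):
    """Raised when a request parameter fails its allowlist check."""


def validate_email(value: object) -> str:
    # fullmatch (rather than ^...$ with match/search) is used on purpose:
    # "$" would accept a value that ends in a newline, which is exactly the
    # character an injected command would hide behind.
    if not isinstance(value, str) or EMAIL_RE.fullmatch(value) is None:
        raise ParameterRejected("email parameter rejected")
    return value


def validate_version(value: object) -> str:
    if not isinstance(value, str) or VERSION_RE.fullmatch(value) is None:
        raise ParameterRejected("version parameter rejected")
    return value


def version_tuple(value: object) -> tuple:
    """Parse a validated version string into a comparable tuple, e.g. (9, 2, 1)."""
    return tuple(int(part) for part in validate_version(value).split("."))


def notify_argv(email: str, subject: str = "myPRO alert") -> list:
    """Build the notification command as an argv list.

    The vulnerable shape this replaces (shown only as a comment, never run):
        os.system("mail -s 'myPRO alert' " + email)
    That string is interpreted by /bin/sh, so a metacharacter inside `email`
    terminates the intended command and starts another. With an argv list
    each element reaches the child process as exactly one argument and no
    shell ever parses it; the allowlist check above is the second layer.
    """
    addr = validate_email(email)
    return ["mail", "-s", subject, addr]  # "mail" is an assumed notifier binary


def send_notification(email: str,
                      runner: Optional[Callable[[Sequence[str]], object]] = None):
    """Run the notification without a shell. `runner` is injectable so the
    logic can be exercised on a host that has no mail binary installed."""
    argv = notify_argv(email)
    if runner is None:
        runner = lambda a: subprocess.run(list(a), shell=False, check=True)
    return runner(argv)


if __name__ == "__main__":
    # Constructed sample inputs: one benign value and one with a metacharacter.
    for candidate in ("ops@example.com", "ops@example.com; echo probe"):
        try:
            print("accepted:", notify_argv(candidate))
        except ParameterRejected as exc:
            print("rejected:", repr(candidate), "->", exc)
```

The two layers are independent: the argv form alone already prevents a shell from interpreting the value, and the allowlist alone already strips anything a shell could act on, so either defect in the future (someone reintroducing `shell=True`, or someone loosening the regex) is still covered by the other.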
Affected Products
The vulnerabilities affect the following mySCADA products:
- myPRO Manager: versions prior to 1.3
- myPRO Runtime: versions prior to 9.2.1
These vulnerabilities underscore the persistent security risks associated with SCADA systems and the need for robust defense mechanisms.
Exploitation could lead to severe operational disruptions, financial losses, and safety hazards.
To address these vulnerabilities effectively, organizations should consider the following strategies:
- Apply Patches: Immediately install vendor-issued updates for affected products.
- Network Segmentation: Isolate SCADA systems from IT networks to reduce the attack surface.
- Access Controls: Implement strong authentication measures, including multi-factor authentication (MFA).
- Monitoring: Use IDS and SIEM solutions to detect and respond to threats in real time.
- Incident Response: Develop and test comprehensive incident response plans for rapid containment and recovery.
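The Monitoring recommendation above is concrete for this advisory because the attack surface is narrow: POST requests whose email or version parameter carries something a shell would interpret. The Python below is an added example for this page, not PRODAFT's or mySCADA's detection content; it is a small SIEM-style rule run over constructed JSON-lines application logs. The log format, the field names (`src`, `method`, `path`, `params`) and the endpoint path are assumptions, since the advisory names neither the endpoint nor the port; a real deployment would map its own request logs (or a WAF's body capture) onto the same record shape.

```python
import json
import re

# Characters a POSIX shell gives meaning to. None of them belongs in an email
# address or a version number, so one of them in either field is a strong
# indicator of an attempt against a CWE-78 weakness.
SHELL_META = re.compile(r"[;&|`$<>\n\r\"'\\]")

# The two parameters the advisory names, with the shape each should have.
# Anything that is free of metacharacters but still not in this shape is a
# weaker, "unexpected format" signal worth a lower-severity alert.
EXPECTED = {
    "email": re.compile(r"[A-Za-z0-9_][A-Za-z0-9._%+-]{0,63}@[A-Za-z0-9.-]{1,253}"),
    "version": re.compile(r"\d{1,5}(\.\d{1,5}){0,3}"),
}


def inspect_request(record: dict) -> list:
    """Return a list of findings for one parsed request record (empty if benign)."""
    findings = []
    if str(record.get("method", "")).upper() != "POST":
        return findings  # the advisory describes POST requests only
    params = record.get("params") or {}
    for name, expected in EXPECTED.items():
        if name not in params:
            continue
        value = str(params[name])
        base = {"param": name, "src": record.get("src"), "path": record.get("path"),
                "ts": record.get("ts"), "value": value}
        if SHELL_META.search(value):
            findings.append(dict(base, reason="shell metacharacter", severity="high"))
        elif expected.fullmatch(value) is None:
            findings.append(dict(base, reason="unexpected format", severity="medium"))
    return findings


def scan_log(lines) -> list:
    """Parse JSON-lines records and collect findings; malformed lines are skipped."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(record, dict):
            alerts.extend(inspect_request(record))
    return alerts


# Constructed sample log (assumed format). The path is a placeholder, not the
# real myPRO Manager endpoint, and the addresses are documentation ranges.
SAMPLE_LOG = """
{"ts": "2025-01-01T10:00:00Z", "src": "10.0.0.5", "method": "POST", "path": "/manager-endpoint-placeholder", "params": {"email": "ops@example.com"}}
{"ts": "2025-01-01T10:00:05Z", "src": "10.0.0.5", "method": "POST", "path": "/manager-endpoint-placeholder", "params": {"version": "9.2.1"}}
{"ts": "2025-01-01T10:01:00Z", "src": "198.51.100.7", "method": "POST", "path": "/manager-endpoint-placeholder", "params": {"email": "ops@example.com; echo probe"}}
{"ts": "2025-01-01T10:01:02Z", "src": "198.51.100.7", "method": "POST", "path": "/manager-endpoint-placeholder", "params": {"version": "1.3 $(echo probe)"}}
{"ts": "2025-01-01T10:02:00Z", "src": "10.0.0.9", "method": "POST", "path": "/manager-endpoint-placeholder", "params": {"version": "one.three"}}
{"ts": "2025-01-01T10:03:00Z", "src": "198.51.100.7", "method": "GET", "path": "/manager-endpoint-placeholder", "params": {"email": "x;y"}}
this line is not JSON and must be skipped
"""


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG.splitlines()):
        print(json.dumps(alert))
```

Two things to carry into a production rule: correlate the "high" findings by `src` so a single scanning host produces one incident rather than one ticket per request, and treat a "medium" finding that arrives from outside the segmented SCADA network as higher priority than the same value from an engineering workstation, since the Network Segmentation control above means external sources should not be reaching the interface at all.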
As threats against SCADA systems evolve, proactive security research and robust defense strategies remain essential to securing critical infrastructure.
Please replace the hypothetical CVEs (CVE-2025-20061 and CVE-2025-20014) with the actual CVE identifiers once they are available.