Cyber Security News

mySCADA myPRO Manager RCE Vulnerabilities Allow Remote Attackers to Take Control of ICS Devices

In a significant discovery, PRODAFT’s security research team has identified two critical vulnerabilities in the mySCADA myPRO Manager, a widely used Supervisory Control and Data Acquisition (SCADA) management solution.

These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially leading to severe operational disruptions and financial losses.

The vulnerabilities are classified as OS Command Injection, allowing remote attackers to execute arbitrary commands on affected systems.

The vulnerabilities exist due to improper input sanitization in the myPRO Manager.

An attacker can inject system commands and execute arbitrary code by sending specially crafted POST requests containing email or version parameters to a specific port.

The affected products include myPRO Manager versions prior to 1.3 and myPRO Runtime versions prior to 9.2.1.

Both vulnerabilities are rated as critical, with CVSS v4 scores of 9.3, indicating a high level of severity.

Impact and Exploitation

The vulnerabilities are categorized under CWE-78, which involves the improper neutralization of special elements used in an OS command.

This allows for Remote Command Execution (RCE), enabling attackers to execute arbitrary system commands.

The impact is significant, as it could lead to unauthorized access to industrial control systems (ICS), potentially disrupting operations across critical sectors such as energy and manufacturing.

The exploitation process involves sending a specially crafted POST request to a specific port, either using an email or version parameter.

The process tree during the exploitation

According to Catalyst Report, this lack of input sanitization allows attackers to inject malicious commands, which can be executed on the system.

A successful exploitation can lead to a reverse shell, providing attackers with full control over the system.

Risk Mitigation

To mitigate these risks, organizations should apply vendor-issued patches immediately.

Additionally, implementing network segmentation to isolate SCADA systems from IT networks can reduce the attack surface.

Enforcing strong access controls, including multi-factor authentication (MFA), and using Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) solutions for real-time threat detection are also crucial.

The discovery of these vulnerabilities highlights the persistent security risks in SCADA systems and the need for proactive defense strategies.

As cyber threats evolve, it is essential for organizations to stay ahead of emerging threats by investing in robust security measures and continuous monitoring.

By addressing these vulnerabilities proactively, organizations can protect critical infrastructure from cyberattacks and ensure operational resilience.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Aman Mishra

Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Recent Posts

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…

14 hours ago

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…

14 hours ago

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6 million…

15 hours ago

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers…

16 hours ago

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by the…

17 hours ago

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling…

17 hours ago