Supervisory Control and Data Acquisition (SCADA) systems play a pivotal role in managing critical infrastructure across sectors like energy, manufacturing, and more.
However, the digital transformation of these systems also brings with it a heightened vulnerability to cyber threats.
Recent research by our security team at PRODAFT has identified critical vulnerabilities in the mySCADA myPRO system, a widely used SCADA management solution whose vendor is headquartered in the Czech Republic.
These vulnerabilities could compromise industrial control systems if exploited, leading to significant operational disruptions and financial losses.
The identified vulnerabilities are detailed in the table below:
| Vulnerability | CVE | CVSS Score | Affected Products |
| --- | --- | --- | --- |
| mySCADA myPRO Manager OS Command Injection via Email Parameter | CVE-2025-20061 | 9.8 (CVSS v3.1), 9.3 (CVSS v4) | myPRO Manager – Versions prior to 1.3 |
| mySCADA myPRO Manager OS Command Injection via Version Parameter | CVE-2025-20014 | 9.8 (CVSS v3.1), 9.3 (CVSS v4) | myPRO Manager – Versions prior to 1.3 |
These vulnerabilities exist due to the improper sanitization of inputs in the myPRO Manager application.
An attacker can exploit these weaknesses by sending specially crafted POST requests containing either email or version parameters to a specific port.
When the application processes these requests, the injected system commands run on the host, leading to Remote Command Execution (RCE), which allows attackers to execute arbitrary code on the system.
CVE-2025-20061 Details:
CVE-2025-20014 Details:
Both vulnerabilities are categorized under CWE-78, highlighting the application’s failure to properly neutralize special elements used in OS commands.
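One way to close a CWE-78 path for parameters such as `email` and `version`, shown as an added example that is not mySCADA's or PRODAFT's code: strict allowlist validation followed by a process call that never goes through a shell. The regular expressions, function names and the stand-in helper command are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Assumed allowlists (not mySCADA's). The first character must be alphanumeric,
# so a value can never be read as a command-line option by the helper.
EMAIL_RE = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._+-]{0,63}@[A-Za-z0-9-]{1,63}(?:\.[A-Za-z0-9-]{1,63})+")
VERSION_RE = re.compile(r"\d{1,4}(?:\.\d{1,4}){0,3}")
RULES = {"email": EMAIL_RE, "version": VERSION_RE}


def rejected_fields(params):
    """Return the names of known fields whose values fail the allowlist."""
    # fullmatch, not match(...$): '$' would also accept a trailing newline.
    return sorted(name for name, rx in RULES.items()
                  if name in params and not rx.fullmatch(str(params[name])))


def run_helper(value):
    """Hand value to a child process as one argv element, with no shell."""
    # Stand-in for whatever OS helper the application calls (hypothetical).
    argv = [sys.executable, "-c",
            "import sys; sys.stdout.write(sys.argv[1])", value]
    done = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=10, check=True)
    return done.stdout


def handle_request(params):
    """Validate first, then call the helper; returns (status, detail)."""
    bad = rejected_fields(params)
    if bad:
        return 400, "rejected: " + ",".join(bad)
    return 200, run_helper(params.get("version", ""))


# Constructed sample POST parameters (not captured traffic).
SAMPLES = [
    {"email": "ops@example.com", "version": "1.3"},
    {"email": "ops@example.com;echo x", "version": "1.3"},
    {"email": "ops@example.com", "version": "1.3\n"},
    {"email": "ops@example.com", "version": "$(echo x)"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(handle_request(sample))
```

The two layers are independent: even if a value slipped past validation, the argument-list call delivers it to the child process as literal text instead of as shell syntax.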
The vulnerabilities affect the following mySCADA products:
These vulnerabilities underscore the persistent security risks associated with SCADA systems and the need for robust defense mechanisms.
Exploitation could lead to severe operational disruptions, financial losses, and safety hazards.
To address these vulnerabilities effectively, organizations should consider the following strategies:
As threats against SCADA systems evolve, proactive security research and robust defense strategies remain crucial in securing critical infrastructure.