Islamabad, Mar 24, 2025: The National Computer Emergency Response Team (NCERT) has issued an urgent security advisory regarding two major vulnerabilities in mySCADA myPRO, a widely utilized Supervisory Control and Data Acquisition (SCADA) system.
These vulnerabilities, designated as CVE-2025-20014 and CVE-2025-20061, pose a significant risk by allowing remote execution of arbitrary commands.
With a severity rating of 9.3 on the CVSS v4 scale, these flaws could lead to severe security breaches.
The Security Threat
The vulnerabilities originate from improper input validation, enabling cybercriminals to inject malicious commands through specially crafted POST requests.
If exploited, attackers can gain unauthorized access, execute remote code (RCE), disrupt operations, and potentially compromise entire industrial control systems.
Organizations utilizing mySCADA myPRO must act swiftly to mitigate these threats.
Affected Systems
The vulnerabilities impact:
- mySCADA PRO Manager v1.2 and earlier
- mySCADA PRO Runtime v9.2.0 and earlier
Outdated or unpatched systems, particularly those exposed to public networks, face the highest risk.
National CERT warns that SCADA environments lacking proper network segmentation are particularly vulnerable to cyberattacks.
Read More:
Google Pixel GPU Boost Shocks Users
Recommended Security Measures
To safeguard against potential exploitation, National CERT recommends implementing the following security measures:
- Restrict Network Exposure โ Ensure SCADA systems are isolated from public networks and limit external access.
- Apply Security Patches โ Immediately update to mySCADA PRO Manager v1.3 and mySCADA PRO Runtime v9.2.1 to address the vulnerabilities.
- Enforce Access Controls โ Utilize Multi-Factor Authentication (MFA) and Role-Based Access Control (RBAC) to restrict unauthorized administrative access.
- Monitor System Activity โ Regularly check logs and network traffic for any suspicious activity, particularly unusual POST requests.
- Strengthen Security Configurations โ Disable unnecessary services, enforce strict firewall rules, and implement application whitelisting to prevent unauthorized software execution.
- Conduct Incident Response Drills โ Regularly test disaster recovery plans to minimize potential operational disruptions.
Act Now to Secure Your Systems
Failure to address these vulnerabilities can lead to serious industrial disruptions, financial losses, and safety risks. Organizations using mySCADA myPRO must take immediate action to secure their systems and prevent cyber threats.
For more details and ongoing updates, refer to the official security advisories provided by National CERT.
By prioritizing cybersecurity and proactive defense strategies, organizations can protect their critical infrastructure from malicious threats and ensure the safety and reliability of their SCADA systems.
