Latest Cyber Security News

You are here: Home / General Cyber Security News / Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
March 19, 2025

Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems.

“These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially leading to severe operational disruptions and financial losses,” Swiss security company PRODAFT said.

The list of shortcomings, both rated 9.3 on the CVSS v4 scoring system, are below –

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


  • CVE-2025-20014 – An operating system command injection vulnerability that could permit an attacker to execute arbitrary commands on the affected system via specially crafted POST requests containing a version parameter
  • CVE-2025-20061 – An operating system command injection vulnerability that could permit an attacker to execute arbitrary commands on the affected system via specially crafted POST requests containing an email parameter

Successful exploitation of either of the two flaws could permit an attacker to inject system commands and execute arbitrary code.

Cybersecurity

According to PRODAFT, both vulnerabilities stem from a failure to sanitize user inputs, thereby opening the door to a command injection.

“These vulnerabilities highlight the persistent security risks in SCADA systems and the need for stronger defenses,” the company said. “Exploitation could lead to operational disruptions, financial losses, and safety hazards.”

Organizations are recommended to apply the latest patches, enforce network segmentation by isolating SCADA systems from IT networks, enforce strong authentication, and monitor for suspicious activity.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *