Summary: Cybersecurity researchers have revealed two critical command injection vulnerabilities in the mySCADA myPRO SCADA system that could allow attackers to gain unauthorized access and execute arbitrary commands. The flaws, rated 9.3 on the CVSS v4 scale, pose significant risks including operational disruptions and financial losses. Organizations using affected systems are urged to apply patches and strengthen security measures to mitigate these risks.
Affected: mySCADA myPRO
Key points:
- CVE-2025-20014 and CVE-2025-20061 are critical vulnerabilities allowing attackers to execute arbitrary commands via specially crafted POST requests.
- Both flaws arise from inadequate sanitization of user inputs, leading to potential command injection attacks.
- Recommendations include applying patches, enhancing network segmentation, enforcing strong authentication, and monitoring for suspicious activities.
Source: https://thehackernews.com/2025/03/critical-myscada-mypro-flaws-could-let.html