Full Report
Cyber threat intelligence firm PRODAFT has identified two critical OS command injection vulnerabilities in mySCADA myPRO Manager, a... The post PRODAFT detects high-severity flaws in mySCADA myPRO Manager, warns of industrial network breaches appeared first on Industrial Cyber.
Analysis Summary
# Vulnerability: Critical OS Command Injection in mySCADA myPRO Manager and Runtime
## CVE Details
- CVE ID: CVE-2025-20014, CVE-2025-20061
- CVSS Score: 9.3 (High, per the CVSS v4 score mentioned in the article)
- CWE: Improper Input Sanitization (Implied OS Command Injection)
## Affected Systems
- Products: mySCADA myPRO Manager, myPRO Runtime
- Versions: myPRO Manager versions before 1.3; myPRO Runtime versions before 9.2.1.
- Configurations: Affects systems accessible via a specific network port intended for the management system.
## Vulnerability Description
The vulnerabilities stem from improper input sanitization within the myPRO Manager system.
1. **CVE-2025-20014 (Version Parameter):** Allows a remote attacker to execute arbitrary operating system commands by sending specially crafted POST requests containing malicious data within a `version` parameter.
2. **CVE-2025-20061 (Email Parameter):** Allows a remote attacker to execute arbitrary operating system commands by sending specially crafted POST requests containing malicious data within an `email` parameter.
Successful exploitation grants the attacker the ability to execute arbitrary code on the affected system, posing a direct threat to industrial control networks.
## Exploitation
- Status: Identified by researchers. The article does not explicitly state exploitation in the wild, but the research findings imply that a PoC exists.
- Complexity: Likely Low, as the attack involves crafted network requests rather than complex local interaction.
- Attack Vector: Network (Remote Unauthenticated/Authenticated, depending on service exposure).
## Impact
- Confidentiality: High (Arbitrary command execution can lead to data theft).
- Integrity: High (Arbitrary command execution can lead to system modifications or data corruption).
- Availability: High (Potential for severe operational disruptions and denial of service in industrial control systems).
## Remediation
### Patches
The article implies that updating is necessary but does not list specific new version numbers for patches, only the vulnerable versions to avoid. Users must seek the official security advisories from mySCADA for patched versions.
* **Action Required:** Update myPRO Manager to version 1.3 or later.
* **Action Required:** Update myPRO Runtime to version 9.2.1 or later.
### Workarounds
The article strongly recommends fundamental security practices:
* Patching (primary fix).
* Implementing network segmentation around SCADA systems.
* Enforcing strong authentication mechanisms.
* Continuous monitoring of industrial networks.
## Detection
- **Indicators of Compromise:** Unusual network traffic to the myPRO service port containing POST requests with highly suspicious payloads targeting `version` or `email` parameters. Unusual system process execution originating from the myPRO service context.
- **Detection methods and tools:** Network monitoring tools, IDS/IPS configured to inspect POST request payloads targeting the service endpoints. Input validation logs should be heavily scrutinized.
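
An added sketch of the payload inspection described above (example code, not from PRODAFT, mySCADA or the article): it checks the `version` and `email` parameters of a POST body against allowlists and flags shell metacharacters. The body encodings (form-encoded or JSON) and the expected value formats are assumptions, since the article specifies neither.

```python
import json
import re
from urllib.parse import parse_qs

# Assumed value shapes (not from the vendor): dotted version, conservative e-mail.
VERSION_OK = re.compile(r"\d+(?:\.\d+){0,3}")
EMAIL_OK = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Characters a shell treats specially; none belong in either field.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r'\"]")
WATCHED = {"version": VERSION_OK, "email": EMAIL_OK}


def extract_params(content_type, body):
    """Return {name: [values]} for the watched parameters in a POST body."""
    if "json" in content_type.lower():
        try:
            doc = json.loads(body)
        except ValueError:
            return {}
        items = doc.items() if isinstance(doc, dict) else []
        return {k: [str(v)] for k, v in items if k in WATCHED}
    # parse_qs percent-decodes, so encoded metacharacters are inspected in clear.
    parsed = parse_qs(body, keep_blank_values=True)
    return {k: v for k, v in parsed.items() if k in WATCHED}


def inspect_post(content_type, body):
    """Return a list of (param, reason) findings for one POST request."""
    findings = []
    for name, values in extract_params(content_type, body).items():
        for value in values:
            if SHELL_META.search(value):
                findings.append((name, "shell metacharacter"))
            elif not WATCHED[name].fullmatch(value):
                findings.append((name, "unexpected format"))
    return findings


# Constructed sample requests (content type, body); not captured traffic.
SAMPLES = [
    ("application/x-www-form-urlencoded", "version=9.2.1&email=ops%40example.com"),
    ("application/x-www-form-urlencoded", "version=1.2%3Bid&email=ops%40example.com"),
    ("application/json", '{"email": "ops@example.com$(id)"}'),
    ("application/json", '{"version": "latest build"}'),
]

if __name__ == "__main__":
    for ctype, body in SAMPLES:
        print(inspect_post(ctype, body) or "clean", "<-", body)
```

The same allowlist check works as input validation in front of the service; as a detector, pair its findings with process-creation alerts for children of the myPRO service.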
## References
- PRODAFT Research Detail: hxxps://catalyst.prodaft.com/public/report/myscada-mypro-manager-and-runtime-rce-vulnerabilities/overview
- CVE-2025-20014 advisory link: hxxps://github.com/advisories/GHSA-mjq9-gqhq-gfvh
- CVE-2025-20061 advisory link: hxxps://github.com/advisories/GHSA-8226-6jj5-9jvr