Full Report
Cyber threat intelligence firm PRODAFT has identified two critical OS command injection vulnerabilities in mySCADA myPRO Manager, a... The post PRODAFT detects high-severity flaws in mySCADA myPRO Manager, warns of industrial network breaches appeared first on Industrial Cyber.
Analysis Summary
# Vulnerability: OS Command Injection in mySCADA myPRO Manager and Runtime
## CVE Details
- **CVE ID:** CVE-2025-20014, CVE-2025-20061
- **CVSS Score:** 9.3 (High) - *Note: Score based on CVSS v4 mentioned in the text.*
- **CWE:** CWE-78, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). *Implied by the description.*
## Affected Systems
- **Products:** mySCADA myPRO Manager, mySCADA myPRO Runtime
- **Versions:**
  - myPRO Manager: versions before 1.3
  - myPRO Runtime: versions before 9.2.1
- **Configurations:** The flaws are reachable through specially crafted POST requests sent to a specific port.
## Vulnerability Description
The vulnerabilities stem from improper input sanitization within the affected mySCADA products. Remote attackers can leverage these flaws to execute arbitrary operating system commands.
1. **CVE-2025-20014:** Achieved via specially crafted HTTP POST requests targeting the `version` parameter.
2. **CVE-2025-20061:** Achieved via specially crafted HTTP POST requests targeting the `email` parameter.
Successful exploitation grants the attacker remote command execution capabilities on the underlying system hosting the SCADA management software, posing a severe risk to industrial operations.
## Exploitation
- **Status:** Researchers detected the flaws; exploitation status in the wild is not explicitly stated, but the high severity suggests immediate risk.
- **Complexity:** Low (Implied by the nature of remote command injection via crafted network requests)
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High (Potential for data theft, system reconnaissance)
- **Integrity:** High (Potential for modification or destruction of operational data/configurations)
- **Availability:** High (Potential for severe operational disruptions)
## Remediation
### Patches
The article does not explicitly list the patch releases; based on the affected version ranges, remediation requires upgrading to a fixed version:
- myPRO Manager: Upgrade to version 1.3 or newer.
- myPRO Runtime: Upgrade to version 9.2.1 or newer.
### Workarounds
No specific workarounds are detailed. Until patches can be applied, mitigation relies on network segmentation and filtering.
## Detection
- **Indicators of Compromise:** Observation of suspicious POST requests directed at the SCADA management system's service port, specifically containing unexpected or malformed data within the `version` or `email` parameters.
- **Detection Methods and Tools:** Configure network traffic monitoring or an IDS to inspect POST requests directed at the mySCADA service port for OS command injection payloads.
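
The check described above can be written as an allowlist on the two named parameters. This is an added example, not code from PRODAFT or mySCADA. The page gives neither the body encoding nor the expected value formats, so the form/JSON parsing and both patterns below are assumptions.

```python
import json
import re
from urllib.parse import parse_qs

# Assumed value shapes; the page does not document the real formats.
ALLOWED = {
    "version": re.compile(r"\d+(\.\d+){0,3}"),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
}
# Characters a shell treats specially; their presence raises the severity.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r'\"]")


def extract_params(body, content_type):
    """Return {name: [values]} from a JSON or form-encoded POST body."""
    if "json" in content_type.lower():
        try:
            doc = json.loads(body)
        except ValueError:
            doc = None
        return {k: [str(v)] for k, v in doc.items()} if isinstance(doc, dict) else {}
    return parse_qs(body, keep_blank_values=True)


def inspect_post(body, content_type):
    """Return {param: severity} for watched parameters that fail the allowlist."""
    findings = {}
    params = extract_params(body, content_type)
    for name, pattern in ALLOWED.items():
        for value in params.get(name, []):
            if pattern.fullmatch(value):
                continue
            if SHELL_META.search(value):
                findings[name] = "high"
            else:
                findings.setdefault(name, "review")
    return findings

# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("version=1.2.9&lang=en", "application/x-www-form-urlencoded"),
    ("version=1.2.9%3B+id", "application/x-www-form-urlencoded"),
    ('{"email": "ops@example.com | id"}', "application/json"),
    ('{"email": "ops@example"}', "application/json"),
]

if __name__ == "__main__":
    for body, ctype in SAMPLES:
        print(body, "->", inspect_post(body, ctype))
```

Matching against an allowlist rather than a payload signature flags URL-encoded and otherwise obfuscated values as well, because any value outside the expected shape is reported.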
## References
- PRODAFT Research Report: hxxps://catalyst.prodaft.com/public/report/myscada-mypro-manager-and-runtime-rce-vulnerabilities/overview
- CVE-2025-20014 Advisory: hxxps://github.com/advisories/GHSA-mjq9-gqhq-gfvh
- CVE-2025-20061 Advisory: hxxps://github.com/advisories/GHSA-8226-6jj5-9jvr