
Cybersecurity researchers have revealed the details of two important flaws affecting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments.
“These vulnerabilities, if exploited, allow unauthorized access to industrial control networks, potentially leading to serious operational disruption and economic losses,” said Swiss security company Prodaft.
The flaws, both rated 9.3 on the CVSS v4 scoring system, are listed below:
CVE-2025-20014 – An operating system command injection vulnerability that allows an attacker to execute arbitrary commands on the affected system via a specially crafted POST request containing the version parameter
CVE-2025-20061
Successful exploitation of either of the two flaws allows an attacker to inject system commands and execute arbitrary code.

According to Prodaft, both vulnerabilities stem from a failure to sanitize user input, which opens the door to command injection.
“These vulnerabilities highlight the persistent security risks in SCADA systems and the need for stronger defense,” the company said. “Exploitation can lead to operational disruption, financial losses and safety hazards.”
Organizations are encouraged to apply the latest patches, enforce network segmentation by isolating SCADA systems from their IT networks, enforce strong authentication and monitor for suspicious activity.
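As an added illustration of the missing input sanitization and the monitoring advice above (not code from Prodaft, mySCADA or the original article), the following Python example checks the `version` parameter of a POST body against a strict allowlist and flags shell metacharacters, including double-encoded ones. The body formats, the dotted-digit version pattern and all sample values are assumptions constructed for the example.

```python
import json
import re
from urllib.parse import parse_qs, unquote_plus

# Assumption: a legitimate version value is dotted digits such as "1.2.3".
VERSION_OK = re.compile(r"\d+(\.\d+){0,3}")
# Characters a shell treats specially; none belong in a version string.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r'\"]")


def extract_version(body: str, content_type: str):
    """Return the raw 'version' values from a form-encoded or JSON POST body."""
    if "json" in content_type:
        try:
            doc = json.loads(body)
        except ValueError:
            return []
        value = doc.get("version") if isinstance(doc, dict) else None
        return [] if value is None else [str(value)]
    return parse_qs(body, keep_blank_values=True).get("version", [])


def check_request(body: str, content_type: str = "application/x-www-form-urlencoded"):
    """Return a list of findings for one POST body; an empty list means clean."""
    findings = []
    for value in extract_version(body, content_type):
        # Decode once more so double-encoded metacharacters (%253B) are seen.
        decoded = unquote_plus(value)
        if SHELL_META.search(decoded):
            findings.append(("shell-metacharacter", value))
        elif not VERSION_OK.fullmatch(decoded):
            findings.append(("not-a-version", value))
    return findings


# Constructed sample bodies, not captured traffic.
SAMPLES = [
    ("version=1.2.3&lang=en", "application/x-www-form-urlencoded"),
    ("version=1.2.3%3B+id", "application/x-www-form-urlencoded"),
    ("version=1.2.3%253Bid", "application/x-www-form-urlencoded"),
    ('{"version": "1.2.3 | whoami"}', "application/json"),
]

if __name__ == "__main__":
    for body, ctype in SAMPLES:
        print(body, "->", check_request(body, ctype) or "ok")
```

The same allowlist belongs in the server-side handler itself; matching in logs or at a proxy only detects attempts and does not replace the vendor patch.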