
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory detailing multiple critical vulnerabilities affecting mySCADA’s myPRO Manager, versions prior to 1.4. Successful exploitation of these flaws could grant attackers the ability to execute arbitrary operating system commands, upload malicious files, and exfiltrate sensitive information – all without valid credentials. This poses a severe threat to industrial operations relying on the affected software.
Four distinct vulnerabilities have been identified and assigned CVEs:
- CVE-2025-25067 (CVSS 9.8 – Critical): A dangerous OS command injection vulnerability allows remote attackers to execute arbitrary system commands. This could enable complete system compromise.
- CVE-2025-24865 (CVSS 10.0 – Critical): The administrative web interface lacks authentication, leaving it wide open to unauthorized access. Attackers can retrieve sensitive data and upload files unimpeded.
- CVE-2025-22896 (CVSS 8.6 – High): Credentials are stored in cleartext, so an attacker who gains access to the system can read them directly.
- CVE-2025-23411 (CVSS 6.3 – Medium): A cross-site request forgery (CSRF) vulnerability allows attackers to potentially steal sensitive information by tricking victims into visiting malicious websites.
The severity of these vulnerabilities is underscored by their high CVSS scores, with two rated as “Critical” (9.8 and 10.0) and one as “High” (8.6). While CISA reports no known public exploitation of these vulnerabilities at this time, the potential for exploitation is significant, and immediate action is crucial.
mySCADA has released myPRO Manager version 1.4 to address these vulnerabilities, and upgrading to this version is the primary recommendation. CISA also strongly advises users to implement the following defensive measures to minimize the risk of exploitation:
- Minimize Network Exposure: Control system devices and systems should not be directly accessible from the internet. Limiting exposure significantly reduces the attack surface.
- Network Segmentation: Isolate control system networks and remote devices behind firewalls, separating them from business networks. This prevents lateral movement of attackers in case of a breach in other parts of the network.
- Secure Remote Access: When remote access is necessary, employ secure methods like Virtual Private Networks (VPNs). However, it’s crucial to keep VPNs updated to the latest versions as they themselves can contain vulnerabilities. Remember that a VPN’s security is only as strong as the security of the devices connected to it.