mySCADA myPRO Manager

Action: Plan Patch | CVSS: 9.8 | ICS-CERT: ICSA-25-023-01 | Published: Jan 23, 2025
Vendor: mySCADA | Sector: Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

myPRO Manager versions before 1.3 and myPRO Runtime versions before 9.2.1 contain vulnerabilities that let a remote attacker execute arbitrary commands or read sensitive information. They are exploitable over the network and require no authentication, user interaction, or special configuration. Successful exploitation could let an attacker run commands on the SCADA host, disrupt energy operations, or extract control-system data.

What this means
What could happen
A remote attacker with network access to myPRO Manager or Runtime could execute arbitrary commands or read sensitive data without authentication, potentially taking control of SCADA processes and disrupting energy operations.
Who's at risk
Energy sector operators using mySCADA PRO Manager or PRO Runtime for SCADA control and monitoring are affected. This includes engineers and operators at utilities, distribution centers, and generation facilities that rely on these platforms for real-time process control.
How it could be exploited
An attacker with network reachability to the myPRO Manager or Runtime service (from an adjacent network, or from the internet if the service is exposed there) sends a specially crafted request to it. The service processes the request without adequate input validation, so it either executes the attacker-supplied command or returns sensitive information. No authentication or user interaction is required.
Prerequisites
  • Network connectivity to myPRO Manager or Runtime service
  • myPRO Manager version below 1.3 or myPRO Runtime version below 9.2.1
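The exploitation path above describes the OS command injection class: request input reaches a shell without validation. The following is an added illustration of that class beside its hardened form. It is constructed example code, not mySCADA's code, and it does not reproduce the actual vulnerable endpoint; the "ping this host" use case, the `host` parameter, and the substitution of `echo` for a real `ping` (so the demo runs anywhere without network access) are all assumptions made for illustration.

```python
import re
import subprocess

# Constructed example of the command-injection class described above.
# Not mySCADA's code: the "ping a host" helper, the 'host' parameter and the
# use of echo instead of ping are assumptions so the demo runs offline.


def run_vulnerable(host: str) -> str:
    """Vulnerable pattern: untrusted input is spliced into a shell command
    string and handed to the shell, so shell metacharacters in the input
    (; | & $() and so on) become additional commands."""
    cmd = f"echo pinging {host}"  # stand-in for f"ping -c 1 {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Strict allowlist: DNS-style labels (letters, digits, hyphen), dot-separated.
# Dotted IPv4 addresses match too, since each octet is a valid label.
_HOST_RE = re.compile(
    r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)


def is_valid_host(host: str) -> bool:
    """True only for a syntactically valid hostname or IPv4 literal."""
    return len(host) <= 253 and _HOST_RE.fullmatch(host) is not None


def run_hardened(host: str) -> str:
    """Hardened pattern: reject anything outside the allowlist, then pass
    argv as a list with shell=False so the input can only ever be one
    argument to the program, never a second command."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    argv = ["echo", "pinging", host]  # stand-in for ["ping", "-c", "1", host]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    benign = "10.0.0.1"
    payload = "10.0.0.1; echo INJECTED"  # constructed attacker input
    print(run_vulnerable(benign), end="")   # one line: pinging 10.0.0.1
    print(run_vulnerable(payload), end="")  # two lines: the injected command ran
    print(run_hardened(benign), end="")
    try:
        run_hardened(payload)
    except ValueError as err:
        print("hardened handler:", err)
```

The two fixes are independent and both matter: the allowlist stops the malformed value at the boundary, and dropping `shell=True` means that even a value that slipped past validation is delivered to the program as a single argument rather than parsed by a shell.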
Tags: remotely exploitable; no authentication required; low complexity; critical CVSS (9.8); high; EPSS score unavailable but base metrics critical; affects safety and operational control systems
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (2)
2 with fix
Product          Affected versions   Fixed in
myPRO Manager    < 1.3               1.3
myPRO Runtime    < 9.2.1             9.2.1
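An added inventory check against the fixed versions in the table above. This is example code written for this page, not OTPulse or mySCADA tooling; the asset names and installed versions in the sample inventory are constructed. It compares versions numerically so that a Runtime reporting 9.10.0 is correctly treated as newer than the 9.2.1 fix, which a plain string comparison would get wrong.

```python
import re

# Added example, not OTPulse or mySCADA tooling: check an asset inventory
# against the fixed versions listed on this page (Manager 1.3, Runtime 9.2.1).

FIXED_VERSIONS = {
    "myPRO Manager": (1, 3),
    "myPRO Runtime": (9, 2, 1),
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '1.3', 'v9.2.1' or '9.2.1-build7' into a tuple of ints.
    Any suffix after the numeric dotted prefix is ignored."""
    m = re.match(r"^\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(product: str, installed: str) -> bool:
    """True when the installed version is below the fix version for product.
    Tuples are zero-padded to equal length so '9.2' compares as 9.2.0."""
    fixed = FIXED_VERSIONS[product]  # KeyError for products not on this page
    inst = parse_version(installed)
    width = max(len(inst), len(fixed))
    inst += (0,) * (width - len(inst))
    fixed += (0,) * (width - len(fixed))
    return inst < fixed


# Constructed sample inventory: (asset name, product, installed version).
SAMPLE_INVENTORY = [
    ("hmi-01", "myPRO Manager", "1.2.5"),
    ("hmi-02", "myPRO Manager", "1.3"),
    ("rt-01", "myPRO Runtime", "9.1.9"),
    ("rt-02", "myPRO Runtime", "9.10.0"),
    ("rt-03", "myPRO Runtime", "v9.2.1"),
]


def triage(inventory):
    """Return (asset, product, installed, status) rows; status is
    'AFFECTED' when the fix version has not been reached, else 'fixed'."""
    rows = []
    for asset, product, installed in inventory:
        status = "AFFECTED" if is_affected(product, installed) else "fixed"
        rows.append((asset, product, installed, status))
    return rows


if __name__ == "__main__":
    for asset, product, installed, status in triage(SAMPLE_INVENTORY):
        print(f"{asset:8} {product:14} {installed:8} {status}")
```

Run it against an export from your asset inventory; any row marked AFFECTED is a patch target under the schedule below, and until then belongs behind the network restrictions listed as the immediate workaround.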
Remediation & Mitigation
Do now
Workaround: Restrict network access to the myPRO Manager and Runtime services to authorized engineering workstations and control-system hosts only; block inbound connections from business networks and the internet.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Hotfix: Update myPRO Manager to version 1.3 or later.
Hotfix: Update myPRO Runtime to version 9.2.1 or later.
Long-term hardening
Hardening: If remote access to myPRO is required, route it through a VPN kept current with security updates, and place myPRO behind a firewall with strict access-control rules.
mySCADA myPRO Manager | CVSS 9.8 - OTPulse