mySCADA myPRO Manager

Act Now9.8ICS-CERT ICSA-25-023-01Jan 23, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

mySCADA myPRO Manager and myPRO Runtime contain command injection vulnerabilities (CWE-78) that allow unauthenticated remote attackers to execute arbitrary commands or disclose sensitive information. Affected versions are myPRO Manager <1.3 and myPRO Runtime <9.2.1. No public exploitation has been reported.

What this means

What could happen

An attacker with network access to myPRO Manager or Runtime could execute arbitrary commands on the device, potentially altering SCADA setpoints, stopping operations, or accessing sensitive configuration data and credentials.

Who's at risk

Energy sector operators running mySCADA myPRO Manager or myPRO Runtime should be concerned. These products are SCADA management and runtime platforms used to monitor and control industrial processes. Any compromise could disrupt power generation, distribution, or control systems.

How it could be exploited

An attacker on the network (or from the internet if the device is exposed) sends a specially crafted request to the myPRO Manager or Runtime service. The service does not properly validate the request and executes the embedded commands on the host system with the privileges of the service process.

Prerequisites

Network access to myPRO Manager or Runtime service port (default or configured)
No authentication required

Remotely exploitableNo authentication requiredLow complexityCritical severity (CVSS 9.8)Arbitrary command executionNo patch available for affected versions

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

myPRO Manager: <1.3<1.31.3

myPRO Runtime: <9.2.1<9.2.19.2.1

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGRestrict network access to myPRO Manager and Runtime by placing devices behind firewalls and isolating SCADA networks from business networks

HARDENINGEnsure myPRO Manager and Runtime are not directly accessible from the internet; use VPN for required remote access

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate mySCADA PRO Manager to version 1.3 or later

HOTFIXUpdate mySCADA PRO Runtime to version 9.2.1 or later

CVEs (2)

CVE-2025-20061 CVE-2025-20014

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/738d0a45-13e2-4d55-a2cd-9805bea31eb7