mySCADA myPRO Manager

Act NowCVSS 10ICS-CERT ICSA-25-044-16Feb 13, 2025

mySCADAEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

mySCADA myPRO Manager versions prior to 1.4 contain multiple critical vulnerabilities: arbitrary OS command execution (CWE-78), missing authentication checks (CWE-306), improper information protection (CWE-312), and missing CSRF protection (CWE-352). These allow unauthenticated attackers to execute arbitrary commands on the system, upload files, and extract sensitive configuration and system information without providing credentials. The vulnerability is remotely accessible via the web interface and requires no user interaction.

What this means

What could happen

An attacker without credentials could execute arbitrary commands on the myPRO Manager, alter SCADA configuration, upload malicious files, or extract sensitive system information, potentially disrupting energy generation, distribution, or monitoring systems.

Who's at risk

Energy sector operators responsible for SCADA systems that depend on myPRO Manager for configuration and monitoring. This includes utilities running myPRO Manager on workstations, servers, or remote management systems for energy generation, transmission, or distribution control.

How it could be exploited

An attacker on the network accesses the myPRO Manager interface remotely via HTTP/HTTPS (port 80 or 443). The absence of authentication checks (CWE-306) allows the attacker to submit OS command payloads, file uploads, or data extraction requests directly without logging in. These commands execute with the privileges of the myPRO Manager process.

Prerequisites

Network access to myPRO Manager HTTP/HTTPS interface (typically port 80 or 443)
myPRO Manager version prior to 1.4
No credentials required

remotely exploitableno authentication requiredlow complexityhigh EPSS score (67.2%)affects control system operations

Exploitability

Likely to be exploited — EPSS score 67.2%

Metasploit module available — weaponized exploitView module ↗

Affected products (1)

ProductAffected VersionsFix Status

myPRO Manager: <1.4<1.41.4

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDRestrict network access to myPRO Manager to only authorized IP addresses and subnets using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate myPRO Manager to version 1.4 or later

Long-term hardening

0/2

HARDENINGSegment the myPRO Manager onto a dedicated SCADA network isolated from the business network with firewall enforcement

HARDENINGIf remote access is required, require access through a VPN with strong authentication rather than direct internet exposure

CVEs (4)

CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2025-25067

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d06e4330-6f6c-4ae7-95e5-6ae17dda5aff

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.