mySCADA myPRO Manager

Act Now10ICS-CERT ICSA-25-044-16Feb 13, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

mySCADA myPRO Manager versions below 1.4 contain multiple critical vulnerabilities (CWE-78 OS command injection, CWE-306 missing authentication, CWE-312 cleartext transmission, CWE-352 CSRF) that allow unauthenticated remote attackers to execute arbitrary OS commands, upload files, and obtain sensitive information. The vulnerabilities stem from insufficient input validation and missing authentication controls on the management interface. Successful exploitation could compromise SCADA operations and enable unauthorized control of industrial processes.

What this means

What could happen

An attacker could execute arbitrary commands on the myPRO Manager system, upload malicious files, and steal sensitive information without any credentials, potentially disrupting SCADA operations and compromising industrial control systems in energy environments.

Who's at risk

Energy sector operators, particularly those running mySCADA myPRO Manager for SCADA monitoring and control. This includes utilities managing electrical generation, transmission, and distribution systems where myPRO Manager is used for supervisory control or process monitoring.

How it could be exploited

An attacker on the network (or from the internet if the device is exposed) sends crafted requests to myPRO Manager's management interface. Due to missing authentication checks and insufficient input validation, the attacker can execute arbitrary OS commands, upload files to the system, and exfiltrate sensitive data like configuration files or credentials without providing login credentials.

Prerequisites

Network access to myPRO Manager (HTTP/HTTPS management port)
No credentials required
Device must be reachable from attacker's network (exposed to internet or accessible from compromised internal network)

remotely exploitableno authentication requiredlow complexityhigh EPSS score (67.2%)affects SCADA/industrial control systemsno patch available

Exploitability

High exploit probability (EPSS 67.2%)

Affected products (1)

ProductAffected VersionsFix Status

myPRO Manager: <1.4<1.41.4

Remediation & Mitigation

0/4

Do now

0/4

HOTFIXUpdate myPRO Manager to version 1.4 or later

HARDENINGIsolate myPRO Manager behind a firewall; do not expose to the internet

HARDENINGRestrict network access to myPRO Manager to authorized engineering workstations only using firewall rules or network segmentation

WORKAROUNDIf remote access is required, implement a VPN and keep it updated to the latest version

CVEs (4)

CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2025-25067

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/d06e4330-6f6c-4ae7-95e5-6ae17dda5aff