Overview

A pair of 9.8-severity flaws in mySCADA myPRO Manager SCADA systems were among the vulnerabilities highlighted in Cyble’s weekly Industrial Control System (ICS) Vulnerability Intelligence Report.

Cyble Research & Intelligence Labs (CRIL) examined eight ICS vulnerabilities in the January 28 report for clients, including high-severity flaws in critical manufacturing, energy infrastructure, and transportation networks.

OS Command Injection (CWE-78) and Improper Security Checks (CWE-358, CWE-319) accounted for half of the vulnerabilities in the report, “indicating a persistent challenge in securing authentication and execution processes in ICS environments,” Cyble said.

Critical mySCADA Vulnerabilities

The critical mySCADA myPRO supervisory control and data acquisition (SCADA) vulnerabilities haven’t yet appeared in the NIST National Vulnerability Database (NVD) or the MITRE CVE database, but they were the subject of a CISA ICS advisory on January 23.

The mySCADA myPRO Manager system provides user interfaces and functionality for real-time monitoring and control of industrial processes across a range of critical industries and applications. CISA said the vulnerabilities can be exploited remotely with low attack complexity, potentially allowing a remote attacker to execute arbitrary commands or disclose sensitive information.

CVE-2025-20061 was assigned a CVSS v3.1 base score of 9.8 and is an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. CISA said mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information, so the vulnerability could be used to execute arbitrary commands on an affected system.

CVE-2025-20014 is also a 9.8-severity OS Command Injection vulnerability, as myPRO also does not properly neutralize POST requests sent to a specific port with version information, which could potentially lead to an attacker executing arbitrary commands.

The following mySCADA products are affected:

• myPRO Manager: Versions prior to 1.3
• myPRO Runtime: Versions prior to 9.2.1

mySCADA recommends that users update to the latest versions:

• mySCADA PRO Manager 1.3
• mySCADA PRO Runtime 9.2.1

CISA also recommended that users minimize network exposure for all control system devices and systems to ensure they are not accessible from the Internet, locate control system networks and remote devices behind firewalls, and isolate them from business networks. If remote access is necessary, additional security steps, such as an updated VPN on a secure device, should be used.

Recommendations for Mitigating ICS Vulnerabilities 

Cyble recommends several controls for mitigating ICS vulnerabilities and improving the overall security of ICS systems. The measures include:

1. Staying on top of security advisories and patch alerts issued by vendors and regulatory bodies like CISA is recommended. A risk-based approach to vulnerability management reduces the risk of exploitation.
2. Implementing a Zero-Trust Policy to minimize exposure and ensure that all internal and external network traffic is scrutinized and validated.
3. Developing a comprehensive patch management strategy that covers inventory management, patch assessment, testing, deployment, and verification. Automating these processes can help maintain consistency and improve efficiency.
4. Proper network segmentation can limit the potential damage caused by an attacker and prevent lateral movement across networks. This is particularly important for securing critical ICS assets.
5. Conducting regular vulnerability assessments and penetration testing to identify gaps in security that might be exploited by threat actors.
6. Establishing and maintaining an incident response plan and ensuring that it is tested and updated regularly to adapt to the latest threats.
7. All employees, especially those working with Operational Technology (OT) systems, should be required to undergo ongoing cybersecurity training programs. The training should focus on recognizing phishing attempts, following authentication procedures, and understanding the importance of cybersecurity practices in day-to-day operations.

Conclusion

Industrial Control Systems (ICS) vulnerabilities can threaten critical infrastructure environments, with the potential to disrupt operations, compromise sensitive data, and cause physical damage. Staying on top of ICS vulnerabilities and applying good cybersecurity hygiene and controls are critical cybersecurity practices for ICS, OT, and SCADA environments.

To access the full report on ICS vulnerabilities observed by Cyble, along with additional insights and details, click here. By adopting a comprehensive, multi-layered security approach that includes effective vulnerability management, timely patching, and ongoing employee training, organizations can reduce their exposure to cyber threats. With the right tools and intelligence, such as those offered by  Cyble, critical infrastructure can be better protected, ensuring its resilience and security in an increasingly complex cyber landscape.