PatchSiren cyber security CVE debrief
CVE-2025-20014 mySCADA CVE debrief
A critical command injection vulnerability in mySCADA myPRO Manager and myPRO Runtime allows unauthenticated remote attackers to execute arbitrary commands via crafted POST requests to a specific port. The vulnerability stems from improper neutralization of version information in POST requests, enabling network-based exploitation without authentication. Affected versions include myPRO Manager prior to 1.3 and myPRO Runtime prior to 9.2.1. The vendor has released patched versions that address this vulnerability. Organizations using affected versions should prioritize patching due to the critical severity and unauthenticated remote attack vector.
- Vendor
- mySCADA
- Product
- myPRO Manager
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-01-23
- Original CVE updated
- 2025-01-23
- Advisory published
- 2025-01-23
- Advisory updated
- 2025-01-23
Who should care
Organizations operating mySCADA myPRO Manager or myPRO Runtime in industrial control system (ICS) environments, including manufacturing, energy, water/wastewater, and critical infrastructure sectors. Security teams responsible for OT/ICS asset protection, SCADA system administrators, and network defenders monitoring industrial networks should prioritize assessment and remediation.
Technical summary
The vulnerability exists in mySCADA myPRO products due to improper input validation when processing POST requests containing version information sent to a specific port. An attacker can craft malicious POST requests that inject arbitrary commands, which are then executed on the affected system with the privileges of the myPRO service. The attack requires network access to the target port but no authentication, making it exploitable by any network-adjacent or internet-facing instance. The CVSS 3.1 score of 9.8 reflects the unauthenticated nature, low attack complexity, and high impact across all security dimensions. Both the management interface (myPRO Manager) and runtime component (myPRO Runtime) are affected, with patches available in versions 1.3 and 9.2.1 respectively.
Defensive priority
critical
Recommended defensive actions
- Update mySCADA myPRO Manager to version 1.3 or later
- Update mySCADA myPRO Runtime to version 9.2.1 or later
- Restrict network access to myPRO management interfaces to authorized administrative hosts only
- Monitor for unexpected POST requests to myPRO service ports containing version information
- Review system logs for indicators of unauthorized command execution
- Apply defense-in-depth controls per CISA ICS recommended practices for industrial control systems
Evidence notes
Vulnerability description and affected product versions derived from CISA CSAF advisory ICSA-25-023-01. CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H confirms network-based, unauthenticated exploitation with high impact across confidentiality, integrity, and availability. Vendor remediation guidance specifies myPRO Manager 1.3 and myPRO Runtime 9.2.1 as fixed versions.
Official resources
-
CVE-2025-20014 CVE record
CVE.org
-
CVE-2025-20014 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2025-01-23