Summary: CISA has issued an advisory about critical vulnerabilities in mySCADA’s myPRO Manager prior to version 1.4, which can enable attackers to execute commands, upload malicious files, and exfiltrate sensitive data without credentials. Four key vulnerabilities with high CVSS scores have been identified, underscoring a significant risk to industrial operations. Users are advised to upgrade to version 1.4 and implement recommended defensive measures.
Affected: mySCADA myPRO Manager
Key points:
- Four critical vulnerabilities, each assigned a CVE, have been identified, with severity scores ranging from 6.3 to 10.0.
- Successful exploitation could allow remote command execution, unauthorized data access, and theft of sensitive information.
- An immediate upgrade to version 1.4 and enhanced security measures, such as minimizing network exposure and using secure remote access, are strongly recommended.