CISA Releases Six ICS Advisories Details Security Issues
gbhackersThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS) advisories addressing vulnerabilities in a range of critical systems.
These advisories aim to inform organizations about risks that could lead to unauthorized access, system compromise, or sensitive data exposure if left unaddressed.
Below are the details of each advisory, along with associated vulnerabilities and mitigation strategies.
1. mySCADA myPRO Manager – OS Command Injection Vulnerabilities
CISA reported two critical vulnerabilities in mySCADA’s myPRO Manager and myPRO Runtime that allow remote attackers to execute arbitrary OS commands. Both vulnerabilities received a CVSS v4 score of 9.3, indicating their severity.
Vulnerabilities:
- CVE-2025-20061: Exploitable via improperly neutralized POST requests related to email information processing.
- CVE-2025-20014: Exploitable via improperly neutralized POST requests related to version information.
Affected Versions:
- myPRO Manager: Versions prior to 1.3.
- myPRO Runtime: Versions prior to 9.2.1.
Organizations using vulnerable versions should ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE