Two critical flaws in mySCADA, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow the system to be compromised have been disclosed by cybersecurity researchers.
If left unaddressed, these flaws could allow unauthorized access to industrial control networks, which could lead to serious operational disruptions and financial losses, according to Swiss security firm PRODAFT.
The two vulnerabilities, both rated 9.3 on the CVSS v4 scoring system, are listed below.
- CVE-2025-20014 – An operating system command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system via specially crafted POST requests containing a version parameter.
- – An operating system command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system via specially crafted POST requests containing an email parameter.
Successful exploitation of either vulnerability could allow an attacker to execute arbitrary code and inject system commands.
Both vulnerabilities stem from a failure to sanitize user input, which opens the door to command injection, according to PRODAFT.
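To illustrate the root cause described above, here is an added example (not code from mySCADA or PRODAFT) contrasting the vulnerable pattern with a hardened one. It assumes a hypothetical update tool path and a hypothetical request handler; the `version` and `email` parameter formats are assumptions for illustration, since the article does not specify them. The safe path validates each parameter against a strict allowlist and then passes it as a single argv element with `shell=False`, so the operating system never parses the value as a command line.

```python
import re
import subprocess
import sys

# Allowlist rules for the two POST parameters named in the advisory.
# Formats are assumed for illustration; the real product's formats are not given.
PARAM_RULES = {
    "version": re.compile(r"\d+(\.\d+){0,3}"),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
}


def build_command_unsafe(version: str) -> str:
    """The vulnerable pattern: the raw POST parameter is concatenated into a
    shell command string. Returned only, never executed, to show how any
    shell metacharacters would reach the interpreter unchanged."""
    return f"/opt/scada/tools/update.sh --version {version}"  # hypothetical tool path


def validate_param(name: str, value) -> str:
    """Reject anything that is not a string matching the allowlist exactly."""
    rule = PARAM_RULES[name]
    if not isinstance(value, str) or not rule.fullmatch(value):
        raise ValueError(f"rejected {name} parameter: {value!r}")
    return value


def run_tool_safe(name: str, value: str) -> str:
    """Hardened form: validate first, then invoke the tool with an argv list.
    The Python interpreter stands in for the real tool so the example runs
    offline; it simply echoes back argv[1], showing the value arrives as one
    literal argument regardless of its contents."""
    safe = validate_param(name, value)
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", safe],
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout.strip()


def handle_post(form: dict) -> dict:
    """Minimal stand-in for a request handler (hypothetical). Each known
    parameter is validated independently; any failure yields a 400 and the
    tool is never invoked."""
    outputs = {}
    for name in PARAM_RULES:
        if name in form:
            try:
                outputs[name] = run_tool_safe(name, form[name])
            except ValueError as exc:
                return {"status": 400, "body": str(exc)}
    return {"status": 200, "body": outputs}


if __name__ == "__main__":
    print(handle_post({"version": "1.2.3", "email": "ops@example.com"}))
    print(handle_post({"version": "1.2.3;echo injected"}))
```

The test input `1.2.3;echo injected` passes straight through `build_command_unsafe` but is rejected by `validate_param` before anything runs; even without the allowlist, the argv-list invocation would hand the whole string to the tool as one argument rather than to a shell.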
These flaws highlight the need for stronger security measures and regular security assessments in SCADA systems, according to the manufacturer. Exploitation may cause financial losses, safety risks, and operational disruptions.
Organizations are advised to apply the latest patches, maintain network segmentation by isolating SCADA systems from IT networks, enforce strong authentication, and monitor for suspicious activity.