CW Pakistan
  • Legacy
    • Legacy Editorial
    • Editor’s Note
  • Academy
  • Wired
  • Cellcos
  • PayTech
  • Business
  • Ignite
  • Digital Pakistan
  • DFDI
  • PSEB
  • PASHA
  • TechAdvisor
  • GamePro
  • Partnerships
  • PCWorld
  • Macworld
  • Infoworld
  • TechHive
  • TechAdvisor
0
0
0
0
0
Subscribe
CW Pakistan
CW Pakistan CW Pakistan
  • Legacy
    • Legacy Editorial
    • Editor’s Note
  • Academy
  • Wired
  • Cellcos
  • PayTech
  • Business
  • Ignite
  • Digital Pakistan
  • DFDI
  • PSEB
  • PASHA
  • TechAdvisor
  • GamePro
  • Partnerships
  • Business

NCERT Warns of Critical Security Vulnerabilities in Industrial SCADA Systems

  • March 24, 2025
Total
0
Shares
0
0
0
Share
Tweet
Share
Share
Share
Share

The National Computer Emergency Response Team (NCERT) has issued an urgent advisory highlighting two critical security vulnerabilities in mySCADA myPRO, a widely used Supervisory Control and Data Acquisition (SCADA) system. The flaws, identified as CVE-2025-20014 and CVE-2025-20061, enable attackers to execute arbitrary commands remotely, posing severe risks to industrial control environments. Due to their high potential impact, both vulnerabilities have been assigned a 9.3 severity rating on the CVSS v4 scale, indicating the critical nature of the threat.

According to NCERT, these vulnerabilities arise from improper input validation in the affected SCADA systems, allowing cybercriminals to exploit weaknesses via specially crafted POST requests. If successfully leveraged, attackers can gain unauthorized administrative access, execute malicious code, disrupt operations, and compromise sensitive industrial data. The advisory warns that organizations relying on mySCADA myPRO for process automation and industrial management must act swiftly to mitigate the potential consequences of these security flaws.

The affected systems include mySCADA PRO Manager v1.2 and earlier, as well as mySCADA PRO Runtime v9.2.0 and earlier. Organizations operating outdated or unpatched versions are at significant risk, especially those that have SCADA systems exposed to IT networks or the public internet. NCERT has emphasized that environments lacking proper network segmentation are particularly vulnerable to cyberattacks, as these configurations allow attackers to move laterally across systems once an initial breach occurs.

To address these vulnerabilities, NCERT strongly advises organizations to limit network exposure by isolating SCADA systems from public-facing networks. Security teams should implement strict firewall rules to prevent unauthorized access and enforce Multi-Factor Authentication (MFA) along with Role-Based Access Control (RBAC) to restrict administrative privileges. Additionally, continuous monitoring of system logs and network activity is essential to detect and prevent malicious exploitation attempts, especially those involving manipulated POST requests.

As an immediate response, organizations using mySCADA myPRO must upgrade to the latest patched versions—mySCADA PRO Manager v1.3 and mySCADA PRO Runtime v9.2.1—to remediate the identified vulnerabilities. Beyond software updates, NCERT recommends hardening security configurations by disabling unnecessary services, enforcing network segmentation, and deploying application whitelisting mechanisms to block unauthorized software execution. Strengthening overall cybersecurity posture through regular security assessments and vulnerability scans is also encouraged.

Given the increasing frequency and sophistication of cyberattacks targeting industrial control systems, NCERT has stressed the importance of proactive security measures. Organizations must establish comprehensive incident response strategies, conduct regular disaster recovery drills, and maintain secure backups to mitigate potential operational disruptions in the event of an attack. The advisory underscores that failure to address these vulnerabilities could lead to severe industrial shutdowns, financial losses, and significant safety risks, particularly in sectors reliant on automated process control.

As cyber threats continue to evolve, organizations leveraging mySCADA myPRO must act immediately to safeguard their industrial systems. Further details, including security updates and best practices, can be found through official NCERT advisories. Cybersecurity teams are urged to stay vigilant and prioritize the protection of critical infrastructure against emerging threats.

Share
Tweet
Share
Share
Share
Previous Article
  • PayTech

Khyber Pakhtunkhwa Launches Pakistan’s First Cashless Economy Initiative 

  • March 24, 2025
Read More
Next Article
  • Digital Pakistan

Pakistan’s National AI Policy Faces Delays Amid Ongoing Consultations

  • March 24, 2025
Read More
You May Also Like
Read More
  • Business

Pakistan, China Launch RMB 5 Billion Smart Water Projects | Digital Infrastructure To Strengthen Climate Resilience

  • Press Desk
  • October 14, 2025
Read More
  • Business

Pakistan, China Launch RMB 5 Billion Smart Water Projects, Digital Infrastructure To Strengthen Climate Resilience

  • webdesk
  • October 13, 2025
Read More
  • Business

PAMA Calls For Government Action Against Unsafe And Misleading EV Battery Technologies

  • Press Desk
  • October 10, 2025
Read More
  • Business

Hubco Expands Into EVs, Mining, And New Energy Ventures Amid Improved Financial Outlook

  • Press Desk
  • October 9, 2025
Read More
  • Business

CCP Clears Systems Limited’s Acquisition Of BAT SAA Services In Pakistan

  • Press Desk
  • October 4, 2025
Read More
  • Business

Tech Valley CEO Umar Farooq Appointed To Google For Education Partner Advisory Board

  • Press Desk
  • October 3, 2025
Read More
  • Business

Metso Shows Interest In Investing In Pakistan’s Reko Diq Copper Mining Project

  • Press Desk
  • October 1, 2025
Read More
  • Business

Air Link Reports Record Profit And Dividend For FY25 Despite Sales Decline

  • Press Desk
  • October 1, 2025
Trending Posts
  • Pakistan, China Launch RMB 5 Billion Smart Water Projects | Digital Infrastructure To Strengthen Climate Resilience
    • October 14, 2025
  • AliExpress Adds Taxes At Checkout For Pakistani Shoppers After Digital Levy Withdrawal
    • October 14, 2025
  • Pakistan Pavilion Showcases Innovation And Tech Leadership At GITEX Global 2025
    • October 14, 2025
  • 3G and 4G Services Restored in Islamabad and Rawalpindi After Two-Day Suspension
    • October 14, 2025
  • AI Search Impacting Online Media Traffic And Advertising Revenue
    • October 14, 2025
about
CWPK Legacy
Launched in 1967 internationally, ComputerWorld is the oldest tech magazine/media property in the world. In Pakistan, ComputerWorld was launched in 1995. Initially providing news to IT executives only, once CIO Pakistan, its sister brand from the same family, was launched and took over the enterprise reporting domain in Pakistan, CWPK has emerged as a holistic technology media platform reporting everything tech in the country. It remains the oldest continuous IT publishing brand in the country and in 2025 is set to turn 30 years old, which will be its biggest benchmark and a legacy it hopes to continue for years to come. CWPK is part of the SPIN/IDG Wakhan media umbrella.
Read more
Explore Computerworld Sites Globally
  • computerworld.es
  • computerworld.com.pt
  • computerworld.com
  • cw.no
  • computerworldmexico.com.mx
  • computerwoche.de
  • computersweden.idg.se
  • computerworld.hu
Content from other IDG brands
  • PCWorld
  • Macworld
  • Infoworld
  • TechHive
  • TechAdvisor
CW Pakistan CW Pakistan
  • CWPK
  • CXO
  • DEMO
  • WALLET

CW Media & all its sub-brands are copyrighted to SPIN-IDG Wakhan Media Inc., the publishing arm of NCC-RP Group. This site is designed by Crunch Collective. ©️1995-2025. Read Privacy Policy.

Input your search keywords and press Enter.