CW Pakistan
  • Legacy
    • Legacy Editorial
    • Editor’s Note
  • Academy
  • Wired
  • Cellcos
  • PayTech
  • Business
  • Ignite
  • Digital Pakistan
  • PSEB
    • DFDI
    • Indus AI Week
  • PASHA
  • TechAdvisor
  • GamePro
  • Partnerships
  • PCWorld
  • Macworld
  • Infoworld
  • TechAdvisor
0
0
0
0
0
Subscribe
CW Pakistan
CW Pakistan CW Pakistan
  • Legacy
    • Legacy Editorial
    • Editor’s Note
  • Academy
  • Wired
  • Cellcos
  • PayTech
  • Business
  • Ignite
  • Digital Pakistan
  • PSEB
    • DFDI
    • Indus AI Week
  • PASHA
  • TechAdvisor
  • GamePro
  • Partnerships
  • Business

NCERT Warns of Critical Security Vulnerabilities in Industrial SCADA Systems

  • March 24, 2025
Total
0
Shares
0
0
0
Share
Tweet
Share
Share
Share
Share

The National Computer Emergency Response Team (NCERT) has issued an urgent advisory highlighting two critical security vulnerabilities in mySCADA myPRO, a widely used Supervisory Control and Data Acquisition (SCADA) system. The flaws, identified as CVE-2025-20014 and CVE-2025-20061, enable attackers to execute arbitrary commands remotely, posing severe risks to industrial control environments. Due to their high potential impact, both vulnerabilities have been assigned a 9.3 severity rating on the CVSS v4 scale, indicating the critical nature of the threat.

According to NCERT, these vulnerabilities arise from improper input validation in the affected SCADA systems, allowing cybercriminals to exploit weaknesses via specially crafted POST requests. If successfully leveraged, attackers can gain unauthorized administrative access, execute malicious code, disrupt operations, and compromise sensitive industrial data. The advisory warns that organizations relying on mySCADA myPRO for process automation and industrial management must act swiftly to mitigate the potential consequences of these security flaws.

The affected systems include mySCADA PRO Manager v1.2 and earlier, as well as mySCADA PRO Runtime v9.2.0 and earlier. Organizations operating outdated or unpatched versions are at significant risk, especially those that have SCADA systems exposed to IT networks or the public internet. NCERT has emphasized that environments lacking proper network segmentation are particularly vulnerable to cyberattacks, as these configurations allow attackers to move laterally across systems once an initial breach occurs.

To address these vulnerabilities, NCERT strongly advises organizations to limit network exposure by isolating SCADA systems from public-facing networks. Security teams should implement strict firewall rules to prevent unauthorized access and enforce Multi-Factor Authentication (MFA) along with Role-Based Access Control (RBAC) to restrict administrative privileges. Additionally, continuous monitoring of system logs and network activity is essential to detect and prevent malicious exploitation attempts, especially those involving manipulated POST requests.

As an immediate response, organizations using mySCADA myPRO must upgrade to the latest patched versions—mySCADA PRO Manager v1.3 and mySCADA PRO Runtime v9.2.1—to remediate the identified vulnerabilities. Beyond software updates, NCERT recommends hardening security configurations by disabling unnecessary services, enforcing network segmentation, and deploying application whitelisting mechanisms to block unauthorized software execution. Strengthening overall cybersecurity posture through regular security assessments and vulnerability scans is also encouraged.

Given the increasing frequency and sophistication of cyberattacks targeting industrial control systems, NCERT has stressed the importance of proactive security measures. Organizations must establish comprehensive incident response strategies, conduct regular disaster recovery drills, and maintain secure backups to mitigate potential operational disruptions in the event of an attack. The advisory underscores that failure to address these vulnerabilities could lead to severe industrial shutdowns, financial losses, and significant safety risks, particularly in sectors reliant on automated process control.

As cyber threats continue to evolve, organizations leveraging mySCADA myPRO must act immediately to safeguard their industrial systems. Further details, including security updates and best practices, can be found through official NCERT advisories. Cybersecurity teams are urged to stay vigilant and prioritize the protection of critical infrastructure against emerging threats.

Share
Tweet
Share
Share
Share
Previous Article
  • PayTech

Khyber Pakhtunkhwa Launches Pakistan’s First Cashless Economy Initiative 

  • March 24, 2025
Read More
Next Article
  • Digital Pakistan

Pakistan’s National AI Policy Faces Delays Amid Ongoing Consultations

  • March 24, 2025
Read More
You May Also Like
Read More
  • Business

Select Technologies Debuts With PSX Gong Ceremony

  • Press Desk
  • July 14, 2026
Read More
  • Business

Multinet Pakistan Opens Second Purpose-Built Campus in Lahore

  • Press Desk
  • July 13, 2026
Read More
  • Business

Select Technologies To List On PSX From July 13

  • Press Desk
  • July 11, 2026
Read More
  • Business

Itanz Technologies Approves Bonus Shares And Capital Hike

  • Press Desk
  • July 10, 2026
Read More
  • Business

Air Link And Select Close Rs4.76bn Financing Deal

  • Press Desk
  • July 9, 2026
Read More
  • Business

SG Power Signs Deal To Distribute Japanese Medical Devices In Pakistan

  • Press Desk
  • July 8, 2026
Read More
  • Business

LUMS And PSW Sign MoU On Trade Facilitation

  • Press Desk
  • July 8, 2026
Read More
  • Business

Select Technologies IPO Oversubscribed By 73 Percent

  • Press Desk
  • July 8, 2026
Trending Posts
  • Zong and WWF-Pakistan Launch Indus River Dolphin Rescue Ambulance
    • July 15, 2026
  • PTCL Board Confirms Nadeem Khan as Permanent CEO
    • July 15, 2026
  • NA Committee Summons PTCL and Ufone Over Deteriorating Telecom Services
    • July 15, 2026
  • Pakistan Has Only 449 Active 5G Sites as NA Committee Raises Alarm
    • July 15, 2026
  • Usama Khan Says Pakistan Not Ready for Global Streaming Without Ending Ban Culture
    • July 15, 2026
about
CWPK Legacy
Launched in 1967 internationally, ComputerWorld is the oldest tech magazine/media property in the world. In Pakistan, ComputerWorld was launched in 1995. Initially providing news to IT executives only, once CIO Pakistan, its sister brand from the same family, was launched and took over the enterprise reporting domain in Pakistan, CWPK has emerged as a holistic technology media platform reporting everything tech in the country. It remains the oldest continuous IT publishing brand in the country and in 2025 is set to turn 30 years old, which will be its biggest benchmark and a legacy it hopes to continue for years to come. CWPK is part of the SPIN/IDG Wakhan media umbrella.
Read more
Explore Computerworld Sites Globally
  • computerworld.es
  • computerworld.com.pt
  • computerworld.com
  • cw.no
  • computerworldmexico.com.mx
  • computerwoche.de
  • computersweden.idg.se
  • computerworld.hu
Content from other IDG brands
  • PCWorld
  • Macworld
  • Infoworld
  • TechAdvisor
CW Pakistan CW Pakistan
  • CWPK
  • CXO
  • DEMO
  • WALLET

CW Media & all its sub-brands are copyrighted to SPIN-IDG Wakhan Media Inc., the publishing arm of NCC-RP Group. This site is designed by Crunch Collective. ©️1995-2026. Read Privacy Policy.

Input your search keywords and press Enter.