{"id":1585772,"date":"2025-03-19T07:10:29","date_gmt":"2025-03-19T09:10:29","guid":{"rendered":"https:\/\/teknomers.com\/fr\/les-defauts-critiques-de-myscada-mypro-pourraient-laisser-les-attaquants-reprendre-les-systemes-de-controle-industriel\/"},"modified":"2025-03-19T07:10:34","modified_gmt":"2025-03-19T09:10:34","slug":"les-defauts-critiques-de-myscada-mypro-pourraient-laisser-les-attaquants-reprendre-les-systemes-de-controle-industriel","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/les-defauts-critiques-de-myscada-mypro-pourraient-laisser-les-attaquants-reprendre-les-systemes-de-controle-industriel\/","title":{"rendered":"Critical mySCADA myPRO flaws could let attackers take over industrial control systems"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">March 19, 2025<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Network Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/Les-defauts-critiques-de-MyScada-Mypro-pourraient-laisser-les-attaquants.png\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>Cybersecurity researchers have disclosed details of two critical flaws affecting <a rel=\"noopener nofollow\" href=\"https:\/\/www.myscada.org\/mypro\/\" target=\"_blank\">myPRO<\/a>, a supervisory control and data acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible 
systems.<\/p>\n<p>&#8220;These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially leading to severe operational disruptions and financial losses,&#8221; the Swiss security company <a rel=\"noopener nofollow\" href=\"https:\/\/catalyst.prodaft.com\/public\/report\/myscada-mypro-manager-and-runtime-rce-vulnerabilities\/overview\" target=\"_blank\">said<\/a>.<\/p>\n<p>The list of shortcomings, both rated 9.3 on the CVSS v4 scoring system, is below &#8211;<\/p>\n<ul>\n<li><strong><a rel=\"noopener nofollow\" href=\"https:\/\/github.com\/advisories\/GHSA-mjq9-gqhq-gfvh\" target=\"_blank\">CVE-2025-20014<\/a><\/strong>  &#8211; An operating system command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system via specially crafted POST requests containing a version parameter<\/li>\n<li><strong><a rel=\"noopener nofollow\" href=\"https:\/\/github.com\/advisories\/GHSA-8226-6jj5-9jvr\" target=\"_blank\">CVE-2025-20061<\/a><\/strong>  &#8211; An operating system command injection vulnerability that could allow an attacker to execute arbitrary commands on the affected system via specially crafted POST requests containing an email parameter<\/li>\n<\/ul>\n<p>Successful exploitation of the two flaws could allow an attacker to inject system commands and execute arbitrary code. 
The issues have been addressed in the following versions &#8211;<\/p>\n<ul>\n<li aria-level=\"1\">mySCADA PRO Manager 1.3<\/li>\n<li aria-level=\"1\">mySCADA PRO Runtime 9.2.1<\/li>\n<\/ul>\n<p>According to Prodaft, both vulnerabilities stem from a failure to <a rel=\"noopener nofollow\" href=\"https:\/\/cwe.mitre.org\/data\/definitions\/78.html\" target=\"_blank\">sanitize user input<\/a>, thereby opening the door to command injection.<\/p>\n<p>&#8220;These vulnerabilities highlight the persistent security risks in SCADA systems and the need for stronger defenses,&#8221; the company said. &#8220;Exploitation could lead to operational disruptions, financial losses, and safety risks.&#8221;<\/p>\n<p>Organizations are advised to apply the latest patches, enforce network segmentation by isolating SCADA systems from IT networks, enforce strong authentication, and monitor for suspicious 
activity.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2025\/03\/critical-myscada-mypro-flaws-could-let.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>March 19, 2025 Ravie Lakshmanan Vulnerability \/ Network Security Cybersecurity researchers have disclosed details of two critical flaws affecting myPRO, a supervisory control and data acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1585773,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[274266,274265,11865,4168,3976,5729,79002,274264,4161,274263,6124,37939,7459,2257,65,274267,4160,287883,155132,1612,8724,238617,246491,4172,5046,79016,4166,4164],"class_list":["post-1585772","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-de-piratage","tag-actualites-des-pirates","tag-attaquants","tag-comment-pirater","tag-controle","tag-critiques","tag-cyber-security-news","tag-cyber-security-news-aujourdhui","tag-cyber-mises-a-jour","tag-cyber-nouvelles","tag-cyberattaques","tag-defauts","tag-industriel","tag-laisser","tag-les","tag-malware-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-mypro","tag-myscada","tag-pourraient","tag-reprendre","tag-securite-de-linformation","tag-securite-du-reseau","tag-securite-informatique","tag-systemes","tag-the-hacker-news","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1585772","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1585772"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1585772\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1585773"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1585772"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http
s:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1585772"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1585772"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}