Supervisory control and data acquisition (SCADA) systems play an important role in electrical power systems, which is one of the most critical infrastructures. They usually include digital controllers like PLCs to realize the automation of electromechanical processes and to accomplish the real time services. Ensuring a secure communication between these field devices and the command center is vital from the security point of view. Because the most vulnerable part of SCADA systems is their communication protocols, this work focuses on the weaknesses of SCADA systems against the internal cyber-attacks such as Denial of Service (DoS), Man-in-the-Middle (MITM) and Replay. For this aim, a sample SCADA testbed environment has been designed at first and then the attacks mentioned above are tested on it. Experimental results show that although SCADA systems accomplish some mission critical tasks, the protocols used in their communication systems still lack of crucial security measures. Therefore, some immediate precautions to mitigate the vulnerabilities are suggested at the end of study.