CVE-2019-16344

Name of the Vulnerable Software and Affected Versions ScadaBR version 1.0CE

Description A cross-site scripting issue exists in the login form, specifically at the "/ScadaBR/login.htm" endpoint, allowing a remote attacker to inject arbitrary web script or HTML via the username or password parameters.

Recommendations For ScadaBR version 1.0CE, consider disabling the login form at the "/ScadaBR/login.htm" endpoint until a patch is available, or restrict access to this endpoint to minimize the risk of exploitation. Avoid using the username and password parameters in this endpoint until the issue is resolved.