PT-2021-3504 · Unknown · OpenPLC ScadaBR

H3V0X · Published 2021-06-11 · Updated 2025-12-22 · CVE-2021-26828

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenPLC ScadaBR versions through 0.9.1 on Linux
OpenPLC ScadaBR versions through 1.12.4 on Windows

Description
The ScadaBR system, designed for data collection and process automation control, is affected by multiple issues. One issue is insufficient protection of the agentpushPreset structure within the administrative interface page system_settings.shtm, potentially allowing cross-site scripting (XSS) attacks. Another issue allows remote authenticated users to upload and execute arbitrary JSP files through the view_edit.shtm page, because dangerous file types are not restricted at upload time (unrestricted file upload). The view_edit.shtm page is the entry point for exploitation.

Recommendations
OpenPLC ScadaBR versions through 0.9.1 on Linux: at the moment, there is no information about a newer version that contains a fix for this vulnerability.
OpenPLC ScadaBR versions through 1.12.4 on Windows: at the moment, there is no information about a newer version that contains a fix for this vulnerability.
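As an added example, not code from the advisory or from the ScadaBR project, the kind of server-side allowlist check that closes an upload path like the one through view_edit.shtm: it assumes the upload is meant to carry a view background image (PNG, GIF or JPEG), and the function name and allowlist are this example's own choices.

```python
import os

# Constructed allowlist: extension -> magic bytes the file must start with.
# Assumption: the view upload only ever needs to carry a background image.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}

# Suffixes the servlet container may execute; they must never be stored
# under the web root regardless of what the rest of the name looks like.
EXECUTABLE = {".jsp", ".jspx", ".jspf", ".jsw", ".jsv"}


def validate_upload(filename: str, content: bytes) -> tuple[bool, str]:
    """Return (accepted, reason_or_safe_name) for one uploaded file.

    Hypothetical helper: checks only the name and the leading bytes, so a
    caller still has to store the file outside any path the container
    serves as a script.
    """
    # Drop client-supplied directories ("../", "..\\") and keep the base name.
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or name.startswith("."):
        return False, "empty or hidden file name"

    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return False, "missing extension"

    # Inspect every suffix, so 'bg.jsp.png' and 'bg.png.jsp' are both refused:
    # some servers map on the first recognised extension, not the last.
    if {"." + p for p in parts[1:]} & EXECUTABLE:
        return False, "server-executable extension"

    ext = "." + parts[-1]
    if ext not in ALLOWED:
        return False, "extension " + ext + " not allowed"

    # The declared image type must agree with the file header; a JSP body
    # renamed to .png fails here even though the extension check passed.
    if not content.startswith(ALLOWED[ext]):
        return False, "content does not match declared image type"
    return True, name
```

Store accepted files under a generated name outside the deployed web application directory and serve them through a handler that sets a fixed image Content-Type, so that even a future mapping change cannot turn a stored file into executable code.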

Exploit

Unrestricted File Upload

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-03553
BDU:2025-14902
CVE-2021-26828

Affected Products

Openplc Scadabr