PT-2021-17153 · Microsoft · Windows
H3V0X · Published 2021-06-11 · Updated 2026-01-12 · CVE-2021-26829

CVSS v2.0: 5.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: OpenPLC ScadaBR versions through 0.9.1 on Linux and through 1.12.4 on Windows.
Description: OpenPLC ScadaBR is affected by a stored cross-site scripting (XSS) vulnerability in the system_settings.shtm file. The flaw allows an attacker to execute malicious scripts in the context of a user's browser. The vulnerability has been actively exploited by the hacktivist group TwoNet, which defaced a honeypot system simulating a water treatment facility within 26 hours of gaining initial access; the attack combined default credentials with the XSS vulnerability to disable system logs and alarms. The vulnerability is present in both the Windows and Linux versions of the software. It is estimated that a significant number of devices worldwide may be vulnerable.
API Endpoints: /system_settings.shtm
Vulnerable Parameters or Variables: None explicitly mentioned.
Recommendations: OpenPLC ScadaBR versions through 0.9.1 on Linux and versions through 1.12.4 on Windows should be updated to a newer, secure version.

Tags: Exploit · Fix · RCE · XSS

Weakness Enumeration

Related Identifiers: BDU:2025-14902 · CVE-2021-26829

Affected Products: Windows