PT-2021-17153 · Microsoft · Windows

H3V0X · Published 2021-06-11 · Updated 2025-10-09 · CVE-2021-26829

CVSS v2.0: 3.5
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: OpenPLC ScadaBR versions 0.9.1 and earlier on Linux; OpenPLC ScadaBR versions 1.12.4 and earlier on Windows
Description: The issue allows stored XSS via the system settings.shtm file. This can potentially lead to execution of malicious script on the client side.
Recommendations: For OpenPLC ScadaBR versions 0.9.1 and earlier on Linux, update to a version later than 0.9.1 to resolve the issue. For OpenPLC ScadaBR versions 1.12.4 and earlier on Windows, update to a version later than 1.12.4 to resolve the issue. As a temporary workaround, consider restricting access to the system settings.shtm file until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2021-26829

Affected Products: Windows