PT-2026-44538 · Scadabr · Scadabr

Published

2026-05-28

Updated

2026-05-29

CVE-2026-9645

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ScadaBR version 1.2.0

Description Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. These scripts execute with full access, enabling complete system compromise as commands are executed as root.

Recommendations Update ScadaBR version 1.2.0 to a newer version that contains a fix for this issue.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-9645

Affected Products

Scadabr

PT-2026-44538 · Scadabr · Scadabr

CVE-2026-9645

Weakness Enumeration

Related Identifiers

Affected Products

References · 3