
22 matches found

RedhatCVE
added 2026/06/05 7:24 p.m., 7 views

CVE-2026-8605

In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin...

CVSS 9.8, AI score 5.5, EPSS 0.00387
Exploits 0, References 1

RedhatCVE
added 2026/06/05 7:11 p.m., 7 views

CVE-2026-8603

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...

CVSS 9.8, AI score 5.7, EPSS 0.01317
Exploits 0, References 1

Vulnrichment
added 2026/05/28 8:30 p.m., 11 views

CVE-2026-9645 ScadaBR Authenticated Remote Code Execution

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root...

CVSS 9.9, AI score 6.2, EPSS 0.00316
Exploits 0, References 1

NVD
added 2026/05/19 6:16 p.m., 26 views

CVE-2026-8602

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

CVSS 9.1, EPSS 0.00448
Exploits 0, References 1

CVE
added 2026/05/19 5:8 p.m., 18 views

CVE-2026-8605

CVE-2026-8605 affects ScadaBR 1.2.0 via a Use of Hard-Coded Credentials vulnerability that could let an attacker access the SCADA system as admin. The provided sources specify admin-level access without authentication, with CVSS 3.1 indicating a CRITICAL impact (score 9.8) and network access with...

CVSS 9.8, AI score 5.8, EPSS 0.00387
Exploits 0, References 1, Affected Software 1

CVE
added 2026/05/19 5:5 p.m., 18 views

CVE-2026-8604

CVE-2026-8604 concerns ScadaBR 1.2.0 and is described as a CSRF vulnerability that could allow an attacker to trigger any authenticated action via a victim’s session by convincing a logged-in user to visit a malicious page. The available sources confirm the affected software and the underlying is...

CVSS 8.8, AI score 5.8, EPSS 0.00178
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2026/05/19 5:3 p.m., 9 views

CVE-2026-8603 Improper neutralization of special elements used in an OS command ('OS command injection') in ScadaBR

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...

CVSS 8.7, AI score 5.9, EPSS 0.01317
Exploits 0, References 1

CVE
added 2026/05/19 5:3 p.m., 26 views

CVE-2026-8603

In ScadaBR 1.2.0, an OS command injection vulnerability could allow an attacker to execute commands as root on the SCADA system. The issue is described as a network‑level vulnerability with no user interaction required, and could impact confidentiality, integrity, and availability (all HIGH). The...

CVSS 9.8, AI score 5.9, EPSS 0.01317
Exploits 0, References 1, Affected Software 1

EUVD
added 2026/05/19 5:3 p.m., 8 views

EUVD-2026-30961

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...

CVSS 8.7, AI score 5.9, EPSS 0.01317
Exploits 0, References 1

Cvelist
added 2026/05/19 5:0 p.m., 42 views

CVE-2026-8602 Missing authentication for critical function in ScadaBR

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

CVSS 8.8, EPSS 0.00448
Exploits 0, References 1

CVE
added 2026/05/19 5:0 p.m., 31 views

CVE-2026-8602

CVE-2026-8602 affects ScadaBR 1.2.0, described as a Missing Authentication for Critical Function vulnerability that could allow an unauthenticated attacker to send HTTP GET requests to the SCADA system and inject arbitrary sensor readings. The connected documents provide concrete details: vulnera...

CVSS 9.1, AI score 5.9, EPSS 0.00448
Exploits 0, References 1, Affected Software 1

CNNVD
added 2026/05/19 12:0 a.m., 13 views

Sensorweb ScadaBR Access Control Error Vulnerability

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains an access control vulnerability. This vulnerability stems from the lack of authentication for...

CVSS 9.1, AI score 6, EPSS 0.00448
Exploits 0, References 1

CNNVD
added 2026/05/19 12:0 a.m., 10 views

Sensorweb ScadaBR OS Command Injection Vulnerability

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains a vulnerability related to operating system command injection. This vulnerability arises from OS...

CVSS 9.8, AI score 5.9, EPSS 0.01317
Exploits 0, References 1

CNNVD
added 2026/05/19 12:0 a.m., 8 views

Sensorweb ScadaBR Cross-Site Request Forgery Vulnerability

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains a vulnerability related to cross-site request forgery. This vulnerability arises when attackers...

CVSS 8.8, AI score 5.7, EPSS 0.00178
Exploits 0, References 1

Positive Technologies
added 2026/05/19 12:0 a.m., 16 views

PT-2026-41989

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...

CVSS 8.7, AI score 5.9, EPSS 0.01317
Exploits 0, References 2

ATTACKERKB
added 2026/03/09 12:0 a.m., 2 views

CVE-2025-70973

ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs i...

AI score 5.8, EPSS 0.002
Exploits 1, References 2

CISA KEV Catalog
added 2025/12/03 12:0 a.m., 10 views

OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability

OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

CVSS 8.8, AI score 7.5, EPSS 0.39096
In wild, Exploits 8

BDU FSTEC
added 2021/07/13 12:0 a.m., 5 views

A vulnerability in the ScadaBR data collection and process automation control system, related to unrestricted upload of files of a dangerous type, allows an intruder to execute arbitrary code.

The vulnerability in the ScadaBR data collection and process automation control system is related to the unrestricted upload of files of a dangerous type. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file named viewedit.shtm...

CVSS 8.8, AI score 8.3, EPSS 0.39096
Exploits 8, References 7, Affected Software 1

OSV
added 2021/06/11 12:15 p.m., 5 views

CVE-2021-26828

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

CVSS 8.8, AI score 8.5, EPSS 0.39096
Exploits 8, References 5

Vulnrichment
added 2021/06/11 11:10 a.m., 2 views

CVE-2021-26828

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

AI score 7, EPSS 0.39096
Exploits 8, References 3