CVE-2026-8602

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings...

CVE-2026-8605

CVE-2026-8605 affects ScadaBR 1.2.0 via a Use of Hard-Coded Credentials vulnerability that could let an attacker access the SCADA system as admin. The provided sources specify admin-level access without authentication, with CVSS 3.1 indicating a CRITICAL impact (score 9.8) and network access with...

CVE-2026-8604

CVE-2026-8604 concerns ScadaBR 1.2.0 and is described as a CSRF vulnerability that could allow an attacker to trigger any authenticated action via a victim’s session by convincing a logged-in user to visit a malicious page. The available sources confirm the affected software and the underlying is...

CVE-2026-8603

In ScadaBR 1.2.0, an OS command injection vulnerability could allow an attacker to execute commands as root on the SCADA system. The issue is described as a network‑level vulnerability with no user interaction required, and could impact confidentiality, integrity, and availability (all HIGH). The...

EUVD-2026-30961

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...

CVE-2026-8603 Improper neutralization of special elements used in an OS command ('OS command injection') in ScadaBR

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...

CVE-2026-8602

CVE-2026-8602 affects ScadaBR 1.2.0, described as a Missing Authentication for Critical Function vulnerability that could allow an unauthenticated attacker to send HTTP GET requests to the SCADA system and inject arbitrary sensor readings. The connected documents provide concrete details: vulnera...

Sensorweb ScadaBR 跨站请求伪造漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains a vulnerability related to cross-site request forgeing. This vulnerability arises when attackers...

Sensorweb ScadaBR 操作系统命令注入漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains a vulnerability related to operating system command injection. This vulnerability arises from OS...

Sensorweb ScadaBR 访问控制错误漏洞

Sensorweb ScadaBR is a set of open-source software developed by Sensorweb Corporation for creating automated data acquisition and monitoring applications. Version 1.2.0 of Sensorweb ScadaBR contains an access control vulnerability. This vulnerability stems from the lack of authentication for...

PT-2026-41989

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system...

CVE-2025-70973

ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs i...

OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability

OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

CVE-2021-26828

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

CVE-2021-26829

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via systemsettings.shtm...

CVE-2019-16321

ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATHINFO...