Scadabr CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-8602	1 Scadabr	1 Scadabr	2026-05-19	N/A
In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings.
CVE-2026-8603	1 Scadabr	1 Scadabr	2026-05-19	N/A
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.
CVE-2026-8604	1 Scadabr	1 Scadabr	2026-05-19	N/A
In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage.
CVE-2026-8605	1 Scadabr	1 Scadabr	2026-05-19	N/A
In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin.
CVE-2025-70973	1 Scadabr	1 Scadabr	2026-04-07	4.8 Medium
ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs in, allowing an attacker who knows the session ID to hijack an authenticated session.
CVE-2021-26828	3 Linux, Microsoft, Scadabr	3 Linux Kernel, Windows, Scadabr	2025-12-04	8.8 High
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
CVE-2021-26829	3 Linux, Microsoft, Scadabr	3 Linux Kernel, Windows, Scadabr	2025-12-02	5.4 Medium
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
CVE-2019-16344	1 Scadabr	1 Scadabr	2024-11-21	6.1 Medium
A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter.
CVE-2019-16321	1 Scadabr	1 Scadabr	2024-11-21	6.1 Medium
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.

Page 1 of 1.