VYPR
High severity · NVD Advisory · Published May 19, 2026 · Updated May 19, 2026

CVE-2026-8602

Description

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send HTTP GET requests to the SCADA system and inject arbitrary sensor readings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In ScadaBR 1.2.0, an unauthenticated attacker can inject arbitrary sensor readings via HTTP GET requests due to missing authentication for critical functions.

Vulnerability

In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability (CWE-306) exists. The SCADA system fails to enforce authentication for HTTP GET requests that allow injecting arbitrary sensor readings. This affects ScadaBR version 1.2.0 [1].

Exploitation

An unauthenticated attacker can send specially crafted HTTP GET requests to the SCADA system. No prior authentication or user interaction is required. The attacker can inject arbitrary sensor readings by crafting the appropriate HTTP request targeting the vulnerable endpoint [1].

Impact

Successful exploitation allows an unauthenticated attacker to inject arbitrary sensor readings into the SCADA system, potentially affecting the integrity of monitoring data and operational decisions. The CIA impact includes compromised integrity of sensor data [1].

Mitigation

As of the publication date (2026-05-19), no fix or patched version has been released in the available references. Users should monitor the vendor's website for updates and consider network segmentation or access controls to limit exposure [1].

References
  1. ScadaBR | CISA

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Scadabr/Scadabr (inferred), 2 versions
    = 1.2.0 + 1 more
    • (no CPE) range: = 1.2.0
    • (no CPE) range: = 1.2.0

Patches

0

No patches discovered yet.
