VYPR

Scadabr

by Scadabr

CVEs (9)

  • CVE-2026-8605 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin.

  • CVE-2026-8603 · Critical · May 19, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.

  • CVE-2026-8602 · Critical · May 19, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send HTTP GET requests to the SCADA system and inject arbitrary sensor readings.

  • CVE-2026-8604 · High · May 19, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage.

  • CVE-2025-70973 · Medium · Mar 9, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once…

  • CVE-2021-26828 · KEV · Jun 11, 2021
    risk 0.18 · cvss · epss 0.39

    OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

  • CVE-2021-26829 · KEV · Jun 11, 2021
    risk 0.13 · cvss · epss 0.48

    OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

  • CVE-2019-16344 · Oct 14, 2019
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter.

  • CVE-2019-16321 · Sep 15, 2019
    risk 0.00 · cvss · epss 0.01

    ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.