Home

Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

PUBLISHED Reserved 2021-02-05 | Published 2021-06-11 | Updated 2025-12-04 | Assigner mitre

CISA Known Exploited Vulnerability

Date added 2025-12-03 | Due date 2025-12-24

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

youtu.be/k1teIStQr1A

packetstormsecurity.com/...1.0-1.1CE-Linux-Shell-Upload.html

forum.scadabr.com.br/...guranca-em-versoes-do-scadabr/3615/4

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2021-26828 government-resource

github.com/SCADA-LTS/Scada-LTS/pull/2174 issue-tracking

youtu.be/k1teIStQr1A

packetstormsecurity.com/...1.0-1.1CE-Linux-Shell-Upload.html

forum.scadabr.com.br/...guranca-em-versoes-do-scadabr/3615/4

cve.org (CVE-2021-26828)

nvd.nist.gov (CVE-2021-26828)

Download JSON