CVE-2021-26829 | THREATINT

Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

PUBLISHED Reserved 2021-02-05 | Published 2021-06-11 | Updated 2025-11-28 | Assigner mitre

CISA Known Exploited Vulnerability

Date added 2025-11-28 | Due date 2025-12-19

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

References

youtu.be/Xh6LPCiLMa8

forum.scadabr.com.br/...guranca-em-versoes-do-scadabr/3615/4

www.forescout.com/...ck-russian-aligned-group-targets-otics/ third-party-advisory

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2021-26829 government-resource

youtu.be/Xh6LPCiLMa8

forum.scadabr.com.br/...guranca-em-versoes-do-scadabr/3615/4

cve.org (CVE-2021-26829)

nvd.nist.gov (CVE-2021-26829)

Download JSON