Home

Description

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.

PUBLISHED Reserved 2026-05-14 | Published 2026-05-19 | Updated 2026-05-19 | Assigner icscert




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

Product status

Default status
unaffected

1.2.0
affected

Credits

Arad Inbar, Nir Somech, Ben Grinberg, Daniel Lubel, Erez Cohen, and Adiel Sol of DREAM reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-139-03 government-resource

cve.org (CVE-2026-8603)

nvd.nist.gov (CVE-2026-8603)

Download JSON