Detections
Analytics

CVE-2021-26829

medium

Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

References

https://www.forescout.com/blog/anatomy-of-a-hacktivist-attack-russian-aligned-group-targets-otics/

https://securityaffairs.com/185327/hacking/u-s-cisa-adds-new-openplc-scadabr-flaw-to-its-known-exploited-vulnerabilities-catalog.html

https://www.securityweek.com/cisa-warns-of-scadabr-vulnerability-after-hacktivist-ics-attack/

https://securityaffairs.com/185185/security/u-s-cisa-adds-an-openplc-scadabr-flaw-to-its-known-exploited-vulnerabilities-catalog.html

https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html

https://www.cisa.gov/news-events/alerts/2025/11/28/cisa-adds-one-known-exploited-vulnerability-catalog

https://www.databreachtoday.com/pro-russian-twonet-hacktivists-target-water-utility-honeypot-a-29714

https://www.theregister.com/2025/10/10/russia_hacktivists_honeytrap/

https://www.infosecurity-magazine.com/news/russia-hacktivistsattack-water/

https://www.bleepingcomputer.com/news/security/hacktivists-target-critical-infrastructure-hit-decoy-plant/

https://youtu.be/Xh6LPCiLMa8

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26829

http://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4

Details

Source: Mitre, NVD

Published: 2021-06-11

Updated: 2025-12-01

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.17378