CVE-2021-26829

medium

Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

References

Exploits
More

https://www.databreachtoday.com/pro-russian-twonet-hacktivists-target-water-utility-honeypot-a-29714

https://www.theregister.com/2025/10/10/russia_hacktivists_honeytrap/

https://www.infosecurity-magazine.com/news/russia-hacktivistsattack-water/

https://www.bleepingcomputer.com/news/security/hacktivists-target-critical-infrastructure-hit-decoy-plant/

https://youtu.be/Xh6LPCiLMa8

http://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4

Details

Source: Mitre, NVD

Published: 2021-06-11

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00419