Scadabr

scadabr

Vendor: Scadabr • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-8605 1Scadabr 1Scadabr May 21, 2026 May 19, 2026 5.1 MEDIUM· v4 9.8 CRITICAL· v3 N/A· v2 In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin.
CVE-2026-8604 1Scadabr 1Scadabr May 21, 2026 May 19, 2026 8.6 HIGH· v4 8.8 HIGH· v3 N/A· v2 In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage.
CVE-2026-8603 1Scadabr 1Scadabr May 21, 2026 May 19, 2026 8.7 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.
CVE-2026-8602 1Scadabr 1Scadabr May 21, 2026 May 19, 2026 8.8 HIGH· v4 9.1 CRITICAL· v3 N/A· v2 In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a HTTP GET requests to the SCADA system and inject arbitrary sensor readings.
CVE-2025-70973 1Scadabr 1Scadabr Apr 7, 2026 Mar 9, 2026 N/A· v4 4.8 MEDIUM· v3 N/A· v2 ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result,...Show more ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs in, allowing an attacker who knows the session ID to hijack an authenticated session.Show less
CVE-2021-26829 1Scadabr 1Scadabr Dec 1, 2025 Jun 11, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
CVE-2021-26828 1Scadabr 1Scadabr Dec 4, 2025 Jun 11, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
CVE-2019-16344 1Scadabr 1Scadabr Nov 21, 2024 Oct 14, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter.
CVE-2019-16321 1Scadabr 1Scadabr Nov 21, 2024 Sep 15, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.