CISA KEV 정보
| 취약점명 | OpenPLC ScadaBR Cross-site Scripting Vulnerability |
|---|---|
| 설명 | OpenPLC ScadaBR contains a cross-site scripting vulnerability via system_settings.shtm. |
| 조치사항 | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-79 |
| 등록일 (KEV) | 2025-11-28 |
| 조치 기한 | 2025-12-19 |
| 추가 참고 | This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/3211 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26829 |
NVD 상세 정보
CVSS v3.1: 5.4 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NCVSS v2.0: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N설명: OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
CWE: CWE-79 | CWE-79
참조
- http://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4 [Vendor Advisory]
- https://youtu.be/Xh6LPCiLMa8 [Exploit, Third Party Advisory]
- http://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4 [Vendor Advisory]
- https://youtu.be/Xh6LPCiLMa8 [Exploit, Third Party Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26829 [US Government Resource]
- https://www.forescout.com/blog/anatomy-of-a-hacktivist-attack-russian-aligned-group-targets-otics/ [Third Party Advisory]
This product uses the NVD API but is not endorsed or certified by the NVD.