Stored XSS Vulnerability in OpenPLC ScadaBR on Linux and Windows
CVE-2021-26829

5.4 MEDIUM

Key Information:

Status
Vendor
CVE Published: 11 June 2021

What is CVE-2021-26829?

OpenPLC ScadaBR, in versions up to 0.9.1 for Linux and up to 1.12.4 for Windows, is vulnerable to stored cross-site scripting (XSS). User-supplied data is not adequately sanitized in system_settings.shtm, which allows an attacker to inject malicious scripts that the application stores and later serves to other users. If exploited, the vulnerability can lead to unauthorized access to sensitive information and to further attacks on users accessing the affected application.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
