CyberSec.Space Logo
Back to CVE Browser

CVE-2021-26828

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score87.4520%
EPSS Percentile96.07th
PublishedJun 11, 2021
Last ModifiedDec 4, 2025

Vulnerability Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

Affected Platforms (CPE)

πŸ“¦
Scadabr

Scadabr

<= 0.9.1
πŸ“¦
Scadabr

Scadabr

<= 1.12.4

References & Advisories

πŸ”— http://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4
πŸ”— http://packetstormsecurity.com/files/162564/ScadaBR-1.0-1.1CE-Linux-Shell-Upload.html
πŸ”— https://youtu.be/k1teIStQr1A
πŸ”— http://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4
πŸ”— http://packetstormsecurity.com/files/162564/ScadaBR-1.0-1.1CE-Linux-Shell-Upload.html
πŸ”— https://youtu.be/k1teIStQr1A
πŸ”— https://github.com/SCADA-LTS/Scada-LTS/pull/2174
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26828

Related Vulnerabilities

CVE-2019-163216.1

ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH...

CVE-2019-163446.1

A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inj...

CVE-2021-268295.4

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...