The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added OpenPLC ScadaBR’s vulnerability to its Known Exploited Vulnerabilities (KEV) catalog after confirmed active exploitation. The flaw is CVE-2021-26829, a cross-site scripting (XSS) vulnerability that exists in the system_settings.shtm component and affects OpenPLC ScadaBR versions up to 0.9.1 on Linux and 1.12.4 on Windows. Exploitation can enable session hijacking and manipulation of critical SCADA settings, posing risk to federal systems and other critical infrastructure operators. Federal agencies were given a deadline (noted in various reports as around December 2025) to address the vulnerability, underscoring the urgency for patches and mitigations. The incident highlights the need for regular patching, secure deployment practices for open-source SCADA components, and centralized update mechanisms.
More News
- 41 People Who Almost Died Are Sharing How They Barely Survived
- 01 – Air Libre - Podcasts
- ‘My heart is broken’: Domestic worker mourns sister who died in Hong Kong fire
- Etihad to welcome over 2 million December passengers as winter travel demand soars
- « Le commerce en centre-ville n’est pas une cause perdue »
- ‘Reviewing it’: Hegseth on releasing video of Caribbean strike; survivors died on alleged drug boat
- Etihad's fly-past marks F1 finale in Abu Dhabi
- Steve Cropper, Stax Records and Blues Brothers Guitarist, Dies at 84
- OFFICIAL RACE PROGRAMME - 2025 Abu Dhabi Grand Prix
- November Routes Roundup: Etihad Airways Launches Abu Dhabi–Tokyo A380 Service