Important vulnerability has been added to CISA’s Identified Exploited Vulnerabilities checklist, warning organizations a few harmful file-upload flaw in OpenPLC ScadaBR methods.
The vulnerability permits distant authenticated customers to add and execute arbitrary JSP information by way of the view_edit.shtm interface, creating a major threat for industrial management system environments.
OpenPLC ScadaBR File Add Vulnerability
OpenPLC ScadaBR, a web-based industrial automation platform, comprises an unrestricted file add vulnerability categorized beneath CWE-434 (Unrestricted Add of File with Harmful Sort).
This weak spot allows authenticated attackers to bypass safety controls and inject malicious code straight into susceptible methods.
The flexibility to add and execute JSP information gives attackers with persistent entry and the power to execute code throughout the industrial surroundings.
FieldDetailsCVE IDCVE-2021-26828Vulnerability TypeUnrestricted Add of File with Harmful TypeAffected ProductOpenPLC ScadaBRAttack VectorNetwork-based, RemoteCVSS SeverityCriticalImpactRemote Code Execution (RCE) by way of JSP file add
Doubtlessly disrupting crucial operations or facilitating lateral motion inside industrial networks.
Organizations should handle this vulnerability by December 24, 2025, in accordance with CISA’s deadline. Federal businesses and demanding infrastructure operators ought to prioritize instant remediation.
CISA recommends three main programs of motion: first, apply vendor-supplied mitigations in accordance with producer directions.
Second, for cloud-based deployments, comply with the steerage outlined in Binding Operational Directive (BOD 22-01). Third, discontinue use of OpenPLC ScadaBR if sufficient mitigations stay unavailable.
Whereas CISA has not confirmed this vulnerability’s use in lively ransomware campaigns, the character of the flaw makes it notably engaging to menace actors concentrating on industrial management methods.
File add vulnerabilities in industrial automation platforms signify a direct path to system compromise.
Particularly in environments the place safety monitoring could also be restricted. The three-week remediation window underscores the severity of the menace panorama.
Organizations working OpenPLC ScadaBR ought to instantly stock affected methods and validate their present patch standing.
Safety groups ought to implement community segmentation to restrict entry to administrative interfaces. Prohibit file uploads by way of firewall guidelines the place attainable, and improve monitoring for suspicious JSP file uploads.
Moreover, organizations ought to overview entry logs for proof of exploitation and coordinate with their industrial automation distributors to substantiate patch availability and deployment procedures.
This CISA alert highlights the continued dangers in industrial management methods. It underscores the significance of sustaining present patch administration practices in operational environments.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.
