
CVE-2021-26828: High-Severity Vulnerability in OpenPLC ScadaBR

CVE-2021-26828 presents a high-severity vulnerability affecting OpenPLC ScadaBR. Remote authenticated users can exploit this weakness to upload and execute arbitrary JSP files. Organizations should prioritize patching to mitigate risks associated with this vulnerability.

HIGH · Known Exploited · CVSS 8.8 · Published June 11, 2021


CVE-2021-26828 is a high-severity vulnerability affecting OpenPLC ScadaBR versions up to 0.9.1 on Linux and up to 1.12.4 on Windows. It allows remote authenticated users to upload and execute arbitrary JSP files via the view_edit.shtm interface. The CVSS score of 8.8 reflects high impact on confidentiality, integrity, and availability, so organizations running affected versions should treat it as a priority.

Given the network attack vector and low complexity of exploitation, this vulnerability poses a considerable risk to organizations using affected versions of ScadaBR. Attackers may leverage this vulnerability to execute malicious code, leading to potential data compromise and operational disruption. Organizations should prioritize patching immediately to mitigate these risks.

The vulnerability was published on June 11, 2021, and remains relevant: it was added to the CISA Known Exploited Vulnerabilities catalog on December 3, 2025. Organizations must ensure they are running patched versions of the software to protect against this exploit.

In response to this vulnerability, ScadaBR has released patches, and organizations should implement these updates as part of their immediate remediation efforts. Failure to do so could result in unauthorized access and exploitation of critical systems.

Vulnerability Details

The OpenPLC ScadaBR vulnerability allows remote authenticated users to upload and execute arbitrary JSP files via the view_edit.shtm interface. It is classified under CWE-434, Unrestricted Upload of File with Dangerous Type. The CVSS score of 8.8 indicates high severity, reflecting the potential impact on confidentiality, integrity, and availability.

The affected versions are ScadaBR up to 0.9.1 on Linux and up to 1.12.4 on Windows. The vulnerability was published on June 11, 2021, and has been identified in multiple configurations of the software.

Technical Analysis

The root cause of CVE-2021-26828 lies in the improper validation of file uploads, which allows authenticated users to upload JSP files without appropriate checks. The attack vector is network-based, meaning that an attacker can exploit this vulnerability remotely.

The attack complexity is low and the privileges required are low: an ordinary authenticated account is enough, and no user interaction is needed, which increases the risk. The impacts on confidentiality, integrity, and availability are all rated high, indicating a severe threat to affected systems.

Risk & Impact Analysis

Organizations utilizing OpenPLC ScadaBR must understand the real-world risks associated with CVE-2021-26828. The potential for arbitrary code execution presents significant threats to sensitive data and operational stability. The blast radius could be extensive, affecting not only the immediate environment but also interconnected systems.

Given the high CVSS score and its inclusion in the KEV catalog, organizations should address this vulnerability in their priority patch cycle; immediate action is required to secure affected systems.

Exploitation Status

Signal               Status
Known Exploit        Yes
Public PoC           Yes
Actively Exploited   Yes
Ransomware Use       No

Affected Versions

The affected versions of OpenPLC ScadaBR include all releases up to 0.9.1 on Linux and up to 1.12.4 on Windows. Organizations should ensure they are using patched versions to prevent exploitation of this vulnerability.

Mitigation & Remediation

To mitigate the risk associated with CVE-2021-26828, organizations are advised to apply the latest patches provided by ScadaBR. If patches are unavailable, organizations should consider discontinuing the use of the software until mitigations are in place. Regular security assessments, including application security assessments, can help identify vulnerabilities related to this and other issues.

Detection Guidance

Organizations should monitor web server and application logs for file uploads through the view_edit.shtm interface and for requests to, or execution of, JSP files that are not part of the installed application. Behavioral anomalies, such as unexpected changes in application performance or unauthorized access attempts, should also be investigated.
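As an added illustration of this guidance (not part of the advisory and not ScadaBR's own tooling), the following Python script scans access-log lines in the common log format for POSTs to view_edit.shtm that are followed within a short window by requests for JSP paths outside a baseline of known application pages. The log lines are constructed; the /ScadaBR context path, the upload directory and the baseline of known JSP paths are assumptions to be replaced with values from your own deployment.

```python
"""Added detection example (not from the advisory, not ScadaBR code): scan
web-server access logs for POSTs to view_edit.shtm that are followed by
requests for JSP resources outside a baseline of known application pages.
Log lines below are constructed; the /ScadaBR context path, the upload
directory and the baseline are assumptions for illustration."""
import re
from datetime import datetime, timedelta

# Common log format as written by Tomcat's AccessLogValve with pattern "common".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

UPLOAD_ENDPOINT = "/ScadaBR/view_edit.shtm"                    # endpoint named in the advisory
KNOWN_JSP = {"/ScadaBR/login.jsp", "/ScadaBR/watch_list.jsp"}  # assumed baseline for this deployment
WINDOW = timedelta(minutes=10)                                  # upload-to-request correlation window

SAMPLE_LOG = [  # constructed sample lines
    '10.0.0.5 - admin [01/Jan/2024:10:00:01 +0000] "GET /ScadaBR/login.jsp HTTP/1.1" 200 512',
    '10.0.0.5 - admin [01/Jan/2024:10:00:20 +0000] "POST /ScadaBR/view_edit.shtm HTTP/1.1" 302 0',
    '10.0.0.5 - admin [01/Jan/2024:10:00:25 +0000] "GET /ScadaBR/uploads/report.jsp HTTP/1.1" 200 88',
    '10.0.0.9 - - [01/Jan/2024:10:30:00 +0000] "GET /ScadaBR/watch_list.jsp HTTP/1.1" 200 4096',
    '10.0.0.7 - - [01/Jan/2024:12:00:00 +0000] "GET /ScadaBR/x.jsp HTTP/1.1" 404 0',
    'not a log line',
]


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    return rec


def detect(lines):
    """Flag requests for JSP paths not in the baseline. Severity is 'high' when
    some client POSTed to the upload endpoint within WINDOW beforehand, and
    'medium' otherwise (an unexplained JSP path is still worth a look)."""
    events = [r for r in map(parse_line, lines) if r is not None]
    uploads = [r for r in events
               if r["method"] == "POST" and r["path"] == UPLOAD_ENDPOINT]
    findings = []
    for r in events:
        if not r["path"].lower().endswith(".jsp") or r["path"] in KNOWN_JSP:
            continue
        prior = [u for u in uploads if timedelta(0) <= r["ts"] - u["ts"] <= WINDOW]
        findings.append({
            "time": r["ts"].isoformat(),
            "client": r["ip"],
            "jsp_path": r["path"],
            "status": r["status"],
            "severity": "high" if prior else "medium",
            "preceding_uploads": [(u["ip"], u["user"]) for u in prior],
        })
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

On the constructed sample, the request for /ScadaBR/uploads/report.jsp five seconds after a POST to view_edit.shtm is reported as high, while the later probe for /ScadaBR/x.jsp, with no upload in the preceding ten minutes, is reported as medium. Build the baseline from a clean install rather than from production logs, so that an already-planted file does not end up allow-listed.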

AppSecure Threat Intelligence Insight

CVE-2021-26828 highlights the lasting importance of secure file upload mechanisms. Security teams must recognize that a single unrestricted upload can compromise an entire system; unrestricted file upload remains a common flaw in many applications.
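The root cause described under Technical Analysis (file uploads accepted without appropriate checks) and the secure upload mechanisms called for here come down to the same design: an allow-list validator that trusts nothing from the client. The following Python module is an added example, not ScadaBR's code and not a patch for CVE-2021-26828; the accepted types, the size limit and the upload directory are assumptions chosen for the demonstration.

```python
"""Added example of an allow-list upload validator (illustration only, not
ScadaBR's code and not a patch for CVE-2021-26828). The allowed types, size
limit and upload directory are assumptions chosen for the demonstration."""
import os
import re
import secrets
from pathlib import PurePosixPath

# Allow-list of accepted extensions and the leading bytes each must carry.
# None means "must be valid UTF-8 text" (no magic number to check).
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "csv": None,
}
MAX_BYTES = 5 * 1024 * 1024
STEM_RE = re.compile(r"[a-z0-9_-]{1,64}")

PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed sample content


def validate_upload(client_name, data):
    """Return (accepted, reason). Everything not positively allow-listed is
    rejected; the client-supplied name is used only to pick the extension,
    and the content must match that extension."""
    if not data or len(data) > MAX_BYTES:
        return False, "size"
    if "\x00" in client_name or "\\" in client_name:
        return False, "bad-chars"               # null bytes / Windows separators
    name = PurePosixPath(client_name).name      # directory components are discarded
    if name in ("", ".", "..") or name.startswith("."):
        return False, "bad-name"
    parts = name.lower().split(".")
    if len(parts) != 2:                         # exactly one extension; 'x.png.jsp' fails here
        return False, "extension-count"
    stem, ext = parts
    if ext not in ALLOWED:
        return False, "extension-not-allowed"   # .jsp, .jspx, .war and anything else unlisted
    if not STEM_RE.fullmatch(stem):
        return False, "bad-stem"
    magic = ALLOWED[ext]
    if magic is not None:
        if not data.startswith(magic):
            return False, "content-mismatch"    # claims to be PNG but is not
    else:
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return False, "content-mismatch"
    return True, "ok"


def server_side_name(client_name):
    """Random stem plus the validated extension; never the client's own name."""
    ext = PurePosixPath(client_name).name.lower().rsplit(".", 1)[1]
    return f"{secrets.token_hex(16)}.{ext}"


def store_upload(client_name, data, upload_root):
    """Validate, then write with O_EXCL under upload_root. upload_root is assumed
    to lie outside the servlet container's webapps tree, so nothing stored here
    can be compiled or served as a JSP even if validation were bypassed."""
    accepted, reason = validate_upload(client_name, data)
    if not accepted:
        raise ValueError(f"upload rejected: {reason}")
    dest = os.path.join(upload_root, server_side_name(client_name))
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest
```

Two design choices carry most of the weight: the validator never consults a block-list (so an extension it has not heard of is rejected rather than allowed), and the stored file gets a random server-side name in a directory the container does not serve, so the file system location, not just the name check, prevents anything uploaded from running as a JSP.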

Organizations should adopt a proactive approach to security, including regular code reviews and penetration testing, to identify and mitigate vulnerabilities before they can be exploited. For further reading, see our penetration testing methodology and vulnerability management program design guides.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
