Vulnerability Details CVE-2021-26828
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.505
EPSS Ranking 97.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4
- http://packetstormsecurity.com/files/162564/ScadaBR-1.0-1.1CE-Linux-Shell-Upload.html
- https://youtu.be/k1teIStQr1A
- http://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4
- http://packetstormsecurity.com/files/162564/ScadaBR-1.0-1.1CE-Linux-Shell-Upload.html
- https://youtu.be/k1teIStQr1A
Products affected by CVE-2021-26828
-
cpe:2.3:a:openplcproject:scadabr:*