vulnerability

ScadaBR: CVE-2021-26828: Unrestricted Upload of File with Dangerous Type

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Jun 11, 2021	Dec 5, 2025	Dec 5, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Jun 11, 2021

Added

Dec 5, 2025

Modified

Dec 5, 2025

Description

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

Solution

scadabr-upgrade-latest

References

CVE-2021-26828
https://attackerkb.com/topics/CVE-2021-26828
URL-http://forum.scadabr.com.br/t/report-falhas-de-seguranca-em-versoes-do-scadabr/3615/4
URL-http://packetstormsecurity.com/files/162564/ScadaBR-1.0-1.1CE-Linux-Shell-Upload.html
URL-https://youtu.be/k1teIStQr1A
CWE-434

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today