


Perceptive Security
SOC/SIEM Consultancy

OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary…
Published: 3 December 2025 at 00:00:00
Alert date: 5 December 2025 at 08:03:23
Source: cisa.gov

OpenPLC ScadaBR contains an unrestricted file upload vulnerability that allows authenticated users to upload and execute arbitrary JSP files through the view_edit.shtm endpoint. This vulnerability enables remote code execution on affected systems. The flaw affects the open-source SCADA system and could impact various industrial control system implementations. A fix has been developed and is available through the SCADA-LTS project repository.
Affected products: OpenPLC ScadaBR
This article was created with the assistance of AI technology by Perceptive.