OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability
3 December 2025 at 00:00:00
cisa.gov
OpenPLC ScadaBR contains an unrestricted file upload vulnerability (CVE-2021-26828) that allows remote authenticated users to upload and execute arbitrary JSP files via the view_edit.shtm endpoint. This vulnerability affects the open-source SCADA system and could potentially impact other products that use similar components. The flaw enables attackers with valid credentials to achieve code execution by uploading malicious JSP files without proper validation or restrictions on file types.
Related CVEs:
CVE-2021-26828
Related threat actors:
No threat actors found in this article
Affected products:
OpenPLC ScadaBR
IOCs:
No IOCs found in this article
