PatchSiren

PatchSiren cyber security CVE debrief

CVE-2021-26828 OpenPLC CVE debrief

CVE-2021-26828 is an unrestricted upload of file with dangerous type vulnerability affecting OpenPLC ScadaBR. CISA has added it to the Known Exploited Vulnerabilities catalog, which means defenders should treat it as an urgent remediation item rather than a routine patch. If ScadaBR is deployed, and especially if it is reachable from outside a trusted network or is production-critical, prioritize mitigation immediately; where no effective mitigation is available, follow CISA guidance.

Vendor: OpenPLC
Product: ScadaBR
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2025-12-03
Original CVE updated: 2025-12-03
Advisory published: 2025-12-03
Advisory updated: 2025-12-03

Who should care

Organizations running OpenPLC ScadaBR, especially OT/ICS and SCADA teams, security operations, vulnerability management teams, and any administrators responsible for internet-facing or business-critical deployments.

Technical summary

The issue is identified as an unrestricted upload of file with dangerous type in OpenPLC ScadaBR. At a minimum, this class of flaw lets a user place files of a type the application should never accept onto the server, which can become a stepping stone to broader compromise depending on how the product is deployed. CISA lists the vulnerability in its Known Exploited Vulnerabilities catalog, which signals that exploitation has been observed and that remediation is urgent.

Defensive priority

High — CISA KEV-listed; remediate immediately and do not defer beyond the KEV due date if the product is in use.

Recommended defensive actions

  • Inventory all OpenPLC ScadaBR deployments and determine whether any instance is externally reachable or production-critical.
  • Apply vendor-recommended mitigations or updates as soon as possible.
  • If effective mitigations are not available, discontinue use of the product per CISA guidance.
  • Restrict access to any upload-related functionality and limit exposure to trusted administrative networks only.
  • Monitor for suspicious file creation, unexpected content in upload directories, and other indicators of unauthorized upload activity.
  • If the product is used in cloud services, follow applicable BOD 22-01 guidance referenced by CISA.
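The monitoring item above (suspicious file creation and unexpected content in upload directories) can be turned into a concrete check. The script below is an added example written for this debrief; it is not OpenPLC or ScadaBR code and the advisory gives no details of the product's upload paths, so the directory it scans and the policy lists it applies are assumptions to be tuned to the deployment. It flags the indicators that matter for the weakness class involved here (CWE-434, Unrestricted Upload of File with Dangerous Type): server-executable extensions, a dangerous extension hidden inside a double extension, archive or executable magic bytes behind a benign-looking name, server-side script markers in file content, and files that were not present in a recorded baseline. The sample directory it builds is constructed for the demonstration.

```python
"""Defender-side scan of an upload directory for CWE-434 indicators.
Added example; assumed paths and policy lists, not ScadaBR's own code."""
import os
import tempfile
from dataclasses import dataclass

# Assumed policy: extensions a web/HMI server might execute or that have no
# business in an upload area. Tune for the real deployment.
DANGEROUS_EXTENSIONS = {
    ".jsp", ".jspx", ".war", ".jar", ".class", ".php",
    ".sh", ".bat", ".ps1", ".exe", ".dll",
}

# Leading bytes of container/executable formats that an upload area should not hold.
MAGIC_SIGNATURES = {
    b"PK\x03\x04": "zip/jar/war archive",
    b"\x7fELF": "ELF executable",
    b"MZ": "PE executable",
    b"\xca\xfe\xba\xbe": "Java class file",
}

# Server-side script markers that should never appear in uploaded data files.
SCRIPT_MARKERS = (b"<%@", b"<%=", b"<?php", b"Runtime.getRuntime(", b"ProcessBuilder(")


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def classify_file(path: str, head_bytes: int = 4096) -> list[str]:
    """Return the reasons (possibly none) a file looks like a dangerous upload."""
    reasons = []
    name = os.path.basename(path)
    ext = os.path.splitext(name)[1].lower()
    if ext in DANGEROUS_EXTENSIONS:
        reasons.append(f"dangerous extension {ext}")
    # chart.jsp.png style names: the dangerous extension sits one level in.
    inner_ext = os.path.splitext(os.path.splitext(name)[0])[1].lower()
    if inner_ext in DANGEROUS_EXTENSIONS:
        reasons.append(f"suspicious inner extension {inner_ext}")
    with open(path, "rb") as fh:
        head = fh.read(head_bytes)
    for magic, label in MAGIC_SIGNATURES.items():
        if head.startswith(magic):
            reasons.append(f"content is {label} despite extension {ext or '(none)'}")
            break
    for marker in SCRIPT_MARKERS:
        if marker in head:
            reasons.append(f"server-side script marker {marker.decode('ascii')}")
            break
    return reasons


def scan_upload_dir(root: str) -> list[Finding]:
    """Walk the directory tree and collect one Finding per reason per file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            full = os.path.join(dirpath, fname)
            for reason in classify_file(full):
                findings.append(Finding(full, reason))
    return findings


def new_files_since(baseline: set[str], root: str) -> set[str]:
    """Relative paths present now that were absent from a recorded baseline."""
    current = set()
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            current.add(os.path.relpath(os.path.join(dirpath, fname), root))
    return current - baseline


def summarize(findings: list[Finding]) -> dict[str, list[str]]:
    """Map file name to its reasons, for a compact alert record."""
    out: dict[str, list[str]] = {}
    for f in findings:
        out.setdefault(os.path.basename(f.path), []).append(f.reason)
    return out


def build_sample_upload_dir() -> str:
    """Create a constructed sample upload directory (not real ScadaBR data)."""
    root = tempfile.mkdtemp(prefix="upload_sample_")
    samples = {
        "diagram.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,      # genuine image header
        "notes.txt": b"pump 3 maintenance window 02:00-04:00\n",  # benign text
        "logo.png": b"PK\x03\x04" + b"\x00" * 32,                  # archive behind an image name
        "page.jsp": b'<%@ page language="java" %>\n',              # server-side script file
        "chart.jsp.png": b"\x89PNG\r\n\x1a\n",                     # dangerous inner extension
        "svc.exe": b"MZ" + b"\x00" * 62,                           # Windows executable
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    sample_root = build_sample_upload_dir()
    for fname, reasons in summarize(scan_upload_dir(sample_root)).items():
        print(f"{fname}: {'; '.join(reasons)}")
    print("new since baseline:", sorted(new_files_since({"diagram.png", "notes.txt"}, sample_root)))
```

In production the baseline set would be recorded right after patching or hardening, the scan would run on a schedule against the real upload directory, and any finding or unexpected new file would be forwarded to the SIEM alongside the web server's access log for the matching request, so that the upload can be correlated with the source address and account that made it.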

Evidence notes

The vulnerability name, vendor project, and product are taken from the CISA KEV source item and the official KEV catalog entry. The KEV metadata explicitly marks CVE-2021-26828 as known exploited, with dateAdded 2025-12-03 and dueDate 2025-12-24. Official reference links provided in the corpus include the CVE record, NVD detail page, and CISA KEV catalog.

Official resources

Publicly listed by CISA in the Known Exploited Vulnerabilities catalog; this debrief avoids exploit steps and focuses on defensive response.