PatchSiren cyber security CVE debrief
CVE-2021-26829 OpenPLC CVE debrief
CVE-2021-26829 is a cross-site scripting vulnerability in OpenPLC ScadaBR that CISA added to the Known Exploited Vulnerabilities (KEV) catalog. A KEV listing means CISA has evidence of exploitation in the wild, so defenders should treat it as actively exploited and prioritize vendor mitigations or compensating controls. The public source material provided here does not include affected version ranges or technical exploit details, so response should be guided by the vendor's instructions and the CISA KEV remediation deadline.
- Vendor: OpenPLC
- Product: ScadaBR
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2025-11-28
- Original CVE updated: 2025-11-28
- Advisory published: 2025-11-28
- Advisory updated: 2025-11-28
Who should care
Organizations running OpenPLC ScadaBR, teams responsible for industrial/control-system web interfaces, and security operations teams that track CISA KEV items should prioritize this CVE. It also matters for any environment where operators access ScadaBR through a browser, since script injected into the interface runs with the logged-in user's session and can read or act on what that user can, including the process data displayed in the application.
Technical summary
CISA's KEV catalog identifies CVE-2021-26829 as a cross-site scripting issue in OpenPLC ScadaBR. Cross-site scripting vulnerabilities can allow attacker-supplied script to run in a victim's browser in the context of the affected application. The supplied corpus does not state the vulnerable component version, root cause, or exploitation chain, so the safest evidence-based response is to verify exposure against the official CVE/NVD records and apply vendor-provided mitigations or remove the product if mitigation is not available.
Defensive priority
High. CISA has placed this CVE in the KEV catalog, which is a strong signal to expedite remediation and exposure reduction.
Recommended defensive actions
- Confirm whether OpenPLC ScadaBR is deployed anywhere in your environment, including legacy or embedded installations.
- Review the official CVE and NVD records, then follow any vendor-provided mitigation or fix guidance.
- If mitigations are unavailable, discontinue use of the affected product as CISA advises.
- Apply the CISA KEV remediation timeline in your environment; the supplied record lists a due date of 2025-12-19.
- Monitor web server and application logs for request parameters that carry script markup (including URL-encoded and double-encoded forms), and watch for unexpected browser-side behavior in operator sessions that could indicate script injection.
- If this product is used in a cloud service context, follow applicable BOD 22-01 guidance.
- Use compensating controls while remediation is in progress: review output encoding on pages that reflect user input, add browser-side restrictions such as a Content Security Policy and HttpOnly session cookies at a reverse proxy in front of the web UI, and limit network access to the ScadaBR interface to trusted operator hosts.
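The monitoring and compensating-control actions above can be made concrete with a small triage script. The following is an added example written for this debrief, not OpenPLC or ScadaBR project code: it decodes request parameters from combined-format access log lines (repeatedly, so double-encoded payloads are caught), flags the markers typical of reflected cross-site scripting attempts, and checks a captured set of response headers for the browser-side hardening a reverse proxy should add. The log lines, the `/ScadaBR/...` paths and parameter names in them, and the header set are constructed for illustration; the debrief's sources contain no ScadaBR-specific parameters or endpoints.

```python
"""Triage helpers for the XSS-related actions in this debrief (added example, not vendor code)."""
import html
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined access-log request field: "METHOD /path?query HTTP/x.y"
_REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Markers that rarely appear in legitimate HMI parameters; each carries a short label.
_XSS_MARKERS = [
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
    ("tag-with-event-handler", re.compile(r"<\s*\w+\b[^>]*\bon\w+\s*=", re.I)),
    ("javascript-uri", re.compile(r"javascript\s*:", re.I)),
]


def _fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, then undo HTML entities.

    Catches payloads sent as %253Cscript%253E (double encoded) that a single
    decode pass would leave looking harmless.
    """
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return html.unescape(value)


def suspicious_parameters(target: str) -> list[tuple[str, str]]:
    """Return (parameter name, marker label) pairs for the request target.

    parse_qsl already decodes one layer; _fully_decode removes any further layers.
    The path itself is checked too, since some frameworks reflect path segments.
    """
    parts = urlsplit(target)
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = _fully_decode(value)
        for label, marker in _XSS_MARKERS:
            if marker.search(decoded):
                hits.append((name, label))
                break
    decoded_path = _fully_decode(parts.path)
    for label, marker in _XSS_MARKERS:
        if marker.search(decoded_path):
            hits.append(("<path>", label))
            break
    return hits


def scan_access_log(lines) -> list[tuple[str, str, list[tuple[str, str]]]]:
    """Return (client ip, request target, hits) for every line with a suspicious parameter."""
    findings = []
    for line in lines:
        match = _REQUEST.search(line)
        if not match:
            continue
        hits = suspicious_parameters(match.group("target"))
        if hits:
            client_ip = line.split(" ", 1)[0]
            findings.append((client_ip, match.group("target"), hits))
    return findings


def missing_hardening_headers(headers: dict) -> list[str]:
    """Report response headers a compensating-control review would expect on the web UI.

    `headers` is a header-name -> value mapping captured from the UI or the proxy in
    front of it (case-insensitive match). This is a constructed checklist, not vendor
    guidance: CSP limits where injected script can load from, nosniff stops MIME
    confusion, and HttpOnly keeps the session cookie away from document.cookie.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    gaps = []
    if "content-security-policy" not in lower:
        gaps.append("Content-Security-Policy")
    if lower.get("x-content-type-options", "").lower() != "nosniff":
        gaps.append("X-Content-Type-Options: nosniff")
    cookie = lower.get("set-cookie", "")
    if cookie and "httponly" not in cookie.lower():
        gaps.append("Set-Cookie without HttpOnly")
    return gaps


# Constructed sample log lines; the ScadaBR paths and parameter names are invented.
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Nov/2025:10:01:02 +0000] "GET /ScadaBR/login.htm HTTP/1.1" 200 1832 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [28/Nov/2025:10:01:09 +0000] "GET /ScadaBR/page.htm?name=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 4021 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [28/Nov/2025:10:01:15 +0000] "GET /ScadaBR/detail.htm?id=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 3877 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [28/Nov/2025:10:02:00 +0000] "POST /ScadaBR/login.htm HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [28/Nov/2025:10:02:31 +0000] "GET /ScadaBR/events.htm?filter=javascript%3Aalert(1) HTTP/1.1" 200 2200 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client_ip, target, hits in scan_access_log(SAMPLE_LOG):
        print(client_ip, target, hits)
    print(missing_hardening_headers({"Set-Cookie": "JSESSIONID=abc; Path=/"}))
```

Run against real access logs, expect noise from legitimate values that happen to contain `on...=` text; treat the output as a triage list to correlate by client address and session rather than as a verdict. The header check is only meaningful against headers captured from the actual deployment, since a proxy may add what the application itself does not.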
Evidence notes
This debrief is based only on the supplied CISA KEV source item and the official links listed under Official resources below. The source item names CVE-2021-26829 as 'OpenPLC ScadaBR Cross-site Scripting Vulnerability,' marks it as a KEV entry, and provides the remediation instruction to apply vendor mitigations or discontinue use if mitigations are unavailable. No affected versions, exploit steps, or remediation specifics beyond that are included in the supplied corpus.
Official resources
- CVE-2021-26829 CVE record (CVE.org)
- CVE-2021-26829 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Source item URL (cisa_kev): Publicly listed by CISA in the Known Exploited Vulnerabilities catalog on 2025-11-28. The supplied corpus does not include exploit proofs, affected versions, or detailed technical analysis.