PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-8604 ScadaBR CVE debrief

CVE-2026-8604 is a high-severity cross-site request forgery (CSRF) issue affecting ScadaBR 1.2.0. According to the CVE description, an attacker could lure a logged-in user to a malicious webpage and use that user’s authenticated session to trigger privileged actions without their intent. The impact is especially important in environments where ScadaBR is used to manage industrial or operational systems, because unwanted authenticated changes can affect integrity and availability.

Vendor
ScadaBR
Product
Unknown
CVSS
HIGH 8.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-19
Original CVE updated
2026-05-21
Advisory published
2026-05-19
Advisory updated
2026-05-21

Who should care

ScadaBR 1.2.0 administrators, OT/ICS operators, security teams responsible for web-based control interfaces, and anyone relying on authenticated ScadaBR sessions for sensitive actions.

Technical summary

The supplied NVD record identifies CWE-352 (CSRF) and a CVSS v4.0 vector showing network attack, low complexity, no privileges, and user interaction required. The vulnerable condition is session abuse: if a legitimate user is authenticated to ScadaBR and visits an attacker-controlled page, forged requests may execute actions with that user’s privileges. NVD lists the vulnerability status as Awaiting Analysis and references a CISA ICS advisory.

Defensive priority

High. The issue requires user interaction, but it can directly manipulate authenticated actions and is scored 8.6 HIGH in the supplied data.

Recommended defensive actions

  • Identify whether ScadaBR 1.2.0 is deployed anywhere in your environment.
  • Treat the issue as a web-session integrity risk for any exposed ScadaBR instance.
  • Limit access to ScadaBR to trusted networks and reduce exposure of authenticated management interfaces.
  • Review whether the product has an available fix or vendor guidance, and apply it as soon as practical.
  • If supported by the deployment, enforce stronger session protections such as short session lifetimes, re-authentication for sensitive actions, and CSRF-resistant web settings.
  • Monitor CISA, NVD, and the CVE record for updated analysis or remediation details.
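The defensive actions above ask for CSRF-resistant session handling and for monitoring of the management interface. The following Python block, added here as an illustration and not code from ScadaBR or from the advisory, shows both halves of that advice as a defender would implement them for a web control interface: a request guard that only accepts state-changing requests when the Origin/Referer header is same-site and a session-bound synchronizer token is present, and a scanner that flags state-changing requests in access logs whose origin is missing or foreign. The host name, secret, request paths and log format are all constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed values for this example; a real deployment loads these from config.
SITE_HOST = "scada.example.internal"
SERVER_SECRET = b"example-server-secret-rotate-me"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request reaching the management interface."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session with a server-side key.

    The token is embedded in every form the server renders; a page on another
    site cannot read it, so a forged cross-site request cannot supply it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_host(req: Request) -> Optional[str]:
    """Host from the Origin header, falling back to Referer; None if absent."""
    for name in ("Origin", "Referer"):
        value = req.headers.get(name)
        if value:
            return urlsplit(value).hostname
    return None


def check_csrf(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason).

    Safe methods pass unchanged. State-changing requests must carry a session,
    a same-site Origin/Referer, and a token matching that session."""
    if req.method not in STATE_CHANGING:
        return True, "safe method"
    session_id = req.cookies.get("session")
    if not session_id:
        return False, "no session"
    host = _origin_host(req)
    if host is None:
        return False, "missing Origin/Referer"
    if host != SITE_HOST:
        return False, f"cross-site origin {host}"
    token = req.form.get("csrf_token", "")
    # Constant-time comparison so token checking does not leak timing.
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return False, "bad csrf token"
    return True, "ok"


# Constructed access-log excerpt (hypothetical format: method path status origin).
SAMPLE_LOG = """\
POST /admin/point_edit 200 https://scada.example.internal
GET  /admin/view 200 https://scada.example.internal
POST /admin/user_edit 200 https://evil.example.net
POST /admin/point_edit 200 -
"""


def flag_suspicious(log_text: str) -> List[Tuple[str, str, Optional[str]]]:
    """Flag state-changing requests whose origin is missing or from another host.

    A browser sends Origin on cross-site form posts, so a foreign or absent
    origin on a successful state change is the footprint of a CSRF attempt."""
    flagged = []
    for line in log_text.splitlines():
        method, path, _status, origin = line.split()
        if method not in STATE_CHANGING:
            continue
        host = urlsplit(origin).hostname if origin != "-" else None
        if host != SITE_HOST:
            flagged.append((method, path, host))
    return flagged


if __name__ == "__main__":
    legit = Request("POST", "/admin/point_edit",
                    headers={"Origin": f"https://{SITE_HOST}"},
                    cookies={"session": "s1"},
                    form={"csrf_token": issue_csrf_token("s1")})
    forged = Request("POST", "/admin/point_edit",
                     headers={"Origin": "https://attacker.example"},
                     cookies={"session": "s1"})
    print(check_csrf(legit))    # (True, 'ok')
    print(check_csrf(forged))   # (False, 'cross-site origin attacker.example')
    print(flag_suspicious(SAMPLE_LOG))
```

The guard deliberately requires both checks: the Origin/Referer test stops the forged request even when a token-bearing form has leaked, and the token test stops it when the browser omits or strips the origin headers. The log scanner is the monitoring counterpart, usable against historical logs to find whether a deployed instance has already seen cross-site state changes.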

Evidence notes

The CVE description explicitly states that ScadaBR version 1.2.0 is affected by CSRF and that an attacker could trigger authenticated actions through a victim’s session by luring a logged-in user to a malicious webpage. The NVD metadata classifies the weakness as CWE-352 and includes a CVSS v4.0 vector with user interaction required. The supplied source item also lists a CISA ICS advisory reference.

Official resources

Publicly disclosed in the supplied NVD record on 2026-05-19; the record was modified the same day.