OpenPLC CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited OpenPLC CVE published 2025-12-03

CVE-2021-26828

CVE-2021-26828 is an unrestricted upload of file with dangerous type vulnerability affecting OpenPLC ScadaBR. CISA has added it to the Known Exploited Vulnerabilities catalog, which means defenders should treat it as an urgent remediation item rather than a routine patch. If ScadaBR is exposed or reachable in production, prioritize mitigation immediately and follow CISA guidance if no effective mitigation [truncated]

Known exploited OpenPLC CVE published 2025-11-28

CVE-2021-26829

CVE-2021-26829 is a cross-site scripting vulnerability in OpenPLC ScadaBR that CISA added to the Known Exploited Vulnerabilities (KEV) catalog. Because it is listed in KEV, defenders should treat it as actively important and prioritize vendor mitigations or alternative controls. The public source material provided here does not include affected version ranges or technical exploit details, so response shou [truncated]