PatchSiren

ScadaBR CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM ScadaBR CVE published 2026-05-28

CVE-2026-9646

A reflected cross-site scripting (XSS) vulnerability exists in URL handling, as reported by Tenable. The vulnerability has been assigned a CVSS 3.1 score of 6.1 (MEDIUM severity). The issue was published to the National Vulnerability Database on May 28, 2026. The weakness is categorized as CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page). No Known Exploited Vulnerabilities (KEV) [truncated]

CRITICAL ScadaBR CVE published 2026-05-28

CVE-2026-9645

CVE-2026-9645 documents a critical vulnerability in which authenticated users can create and execute arbitrary JavaScript code on the server with root privileges, enabling complete system compromise. The vulnerability was published to the NVD on 2026-05-28 with a CVSS 3.1 score of 9.9 (CRITICAL). Tenable has published a technical research advisory (TRA-2026-46) documenting this issue. The vendor identity [truncated]

HIGH ScadaBR CVE published 2026-05-19

CVE-2026-8604

CVE-2026-8604 is a high-severity cross-site request forgery (CSRF) issue affecting ScadaBR 1.2.0. According to the CVE description, an attacker could lure a logged-in user to a malicious webpage and use that user’s authenticated session to trigger privileged actions without their intent. The impact is especially important in environments where ScadaBR is used to manage industrial or operational systems, b [truncated]

HIGH ScadaBR CVE published 2026-05-19

CVE-2026-8603

CVE-2026-8603 is a high-severity OS command injection issue reported for ScadaBR 1.2.0. According to the CVE description, an attacker could execute commands as root on the SCADA system. The NVD record maps the weakness to CWE-78 and shows a CVSS v4.0 vector indicating network reachability, low attack complexity, no user interaction, and high impacts to confidentiality, integrity, and availability. Because [truncated]

CRITICAL ScadaBR CVE published 2026-05-19

CVE-2026-8602

CVE-2026-8602 describes a missing authentication issue in ScadaBR 1.2.0 that can let an unauthenticated attacker send HTTP GET requests to the SCADA system and inject arbitrary sensor readings. Because the issue is reachable over the network and affects integrity and availability, exposed deployments should treat it as high priority.