Hackers are targeting the second of two four-year-old vulnerabilities in the open-source supervisory control and data acquisition platform.
The US Cybersecurity and Infrastructure Agency (CISA) has added a second ScadaBR vulnerability to its catalogue of known exploited vulnerabilities.
CVE-2021-26828 is present in OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows and could allow remote, authenticated users to upload arbitrary code and ultimately perform remote code execution via .jsp files.
The Hacker News cybersecurity rating report: https://www.rankiteo.com/company/thehackernews
"id": "THE1764914088",
"linkid": "thehackernews",
"type": "Vulnerability",
"date": "1/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': None,
'industry': 'Industrial Control Systems '
'(ICS)',
'location': None,
'name': 'ScadaBR (OpenPLC)',
'size': None,
'type': 'Open-source SCADA platform'}],
'attack_vector': 'Authenticated remote access via .jsp file '
'upload',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': '.jsp files',
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'description': 'Hackers are targeting two four-year-old '
'vulnerabilities in the open-source supervisory '
'control and data acquisition platform ScadaBR. '
'CVE-2021-26828 allows remote, authenticated '
'users to upload arbitrary code and perform '
'remote code execution via .jsp files in OpenPLC '
'ScadaBR through 0.9.1 on Linux and through '
'1.12.4 on Windows.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': None,
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'OpenPLC ScadaBR (Linux: through '
'0.9.1, Windows: through 1.12.4)'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'US Cybersecurity and Infrastructure '
'Agency (CISA)',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Exploitation of ScadaBR Vulnerabilities for Remote '
'Code Execution',
'type': 'Remote Code Execution (RCE)',
'vulnerability_exploited': 'CVE-2021-26828'}