ScadaBR

Plan Patch | CVSS 9.1 | ICS-CERT ICSA-26-139-03 | May 19, 2026
Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

ScadaBR version 1.2.0 contains multiple vulnerabilities (CWE-306 missing authentication, CWE-78 command injection, CWE-352 CSRF, CWE-798 hardcoded credentials) that allow unauthenticated remote code execution. An attacker can execute arbitrary commands on the system remotely. The vendor has not engaged with CISA to develop mitigations.

What this means
What could happen
An attacker can remotely run arbitrary commands on your ScadaBR system without authentication, potentially allowing them to alter monitoring data, change process settings, or disable alarms in your energy control systems.
Who's at risk
Energy sector operators using ScadaBR version 1.2.0 for SCADA monitoring and control. This affects utility companies, power plants, and grid operators who rely on ScadaBR for real-time system monitoring and alarming.
How it could be exploited
An attacker on your network or the internet can send specially crafted requests to the ScadaBR web interface (typically port 8080) to bypass authentication and execute arbitrary system commands, gaining full control of the monitoring and control platform.
Prerequisites
  • Network access to the ScadaBR web service (default port 8080)
  • No credentials required
  • ScadaBR version 1.2.0
Tags: remotely exploitable, no authentication required, low complexity, high EPSS score (9.1 CVSS), no patch available from vendor, affects critical control systems
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (1)
Product | Affected Versions | Fix Status
ScadaBR: 1.2.0 | 1.2.0 | Fix available
Remediation & Mitigation
Do now
WORKAROUND: Immediately restrict network access to the ScadaBR web service (port 8080) using firewall rules; allow only trusted engineering workstations and control networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Contact ScadaBR customer support via https://github.com/ScadaBR to obtain a patched version or migrate to an alternative SCADA monitoring platform
HARDENING: Enable detailed logging and alerting on all network traffic to and from the ScadaBR system to detect unauthorized access attempts
Long-term hardening
HARDENING: Isolate the ScadaBR system on a dedicated network segment separate from corporate IT networks and external internet connectivity
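
One way to check that the port 8080 allowlist from the workaround is holding, and to feed the alerting called for under hardening, is to audit access logs for clients outside the trusted subnets. This is an added example, not part of the advisory or of ScadaBR; the subnets, the sample log lines, and the assumption that the web server or a fronting proxy writes Common Log Format access logs are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: trusted engineering workstations and control networks (constructed values).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.20.30.0/28", "10.20.40.5/32")]

# Common Log Format prefix: client ident user [time] "METHOD path proto" status
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
10.20.30.4 - - [19/May/2026:08:01:12 +0000] "GET /ScadaBR/ HTTP/1.1" 200 5120
203.0.113.77 - - [19/May/2026:08:03:40 +0000] "POST /ScadaBR/ HTTP/1.1" 302 -
10.20.40.5 - - [19/May/2026:08:04:02 +0000] "GET /ScadaBR/ HTTP/1.1" 200 5120
203.0.113.77 - - [19/May/2026:08:04:15 +0000] "GET /ScadaBR/ HTTP/1.1" 200 812
10.20.30.200 - - [19/May/2026:08:05:59 +0000] "GET /ScadaBR/ HTTP/1.1" 200 5120
garbled line without fields
"""


def is_allowed(addr):
    """True only if addr parses as an IP inside one of the trusted subnets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable client field is treated as untrusted
    return any(ip in net for net in ALLOWED_NETS)


def find_unauthorized(log_text):
    """Return (Counter of off-allowlist client IPs, count of unparseable lines)."""
    hits, unparsed = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = CLF.match(line)
        if not m:
            unparsed += 1  # surface these too: log gaps can hide access
            continue
        if not is_allowed(m.group(1)):
            hits[m.group(1)] += 1
    return hits, unparsed


if __name__ == "__main__":
    offenders, bad_lines = find_unauthorized(SAMPLE_LOG)
    for ip, count in offenders.most_common():
        print(f"ALERT off-allowlist client {ip}: {count} request(s) reached the service")
    print(f"{bad_lines} line(s) could not be parsed")
```

Any hit means a request reached the service from outside the allowlist, so the firewall rule is missing or being bypassed and should be reviewed before anything else.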