CISA warns ScadaBR 1.2.0 flaws can enable unauthenticated remote code execution in ICS environments

CISA published ICS advisory ICSA-26-139-03 for ScadaBR 1.2.0, detailing CVE-2026-8602, CVE-2026-8603, CVE-2026-8604, and CVE-2026-8605. The flaws include missing authentication, OS command injection, CSRF, and hard-coded credentials, and could allow unauthenticated attackers to inject sensor readings, gain admin access, or execute commands on the SCADA system. CISA said ScadaBR had not responded to mitigation requests.
Why it matters: ScadaBR is used in critical infrastructure sectors including energy, water, chemical, dams, and manufacturing, so these bugs present serious operational risk. Defenders should urgently identify exposed ScadaBR 1.2.0 systems and apply mitigations or isolate them, especially given the lack of a vendor response noted by CISA.

Sources

ScadaBR
CISA 2026.05.19
This article establishes a distinct new vulnerability story: a newly published CISA ICS advisory covering four specific ScadaBR CVEs with critical impact on industrial control systems.