CVE-2026-8603
Awaiting Analysis
Awaiting Analysis - Queue
OS Command Injection in ScadaBR 1.2.0
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: ICS-CERT
Description
Description
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| scadabr | scadabr | 1.2.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS Command Injection found in ScadaBR version 1.2.0. It allows an attacker to execute arbitrary operating system commands with root privileges on the SCADA system.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could gain root access to the SCADA system, potentially leading to full control over the system. This could result in unauthorized actions such as disrupting operations, stealing sensitive data, or damaging critical infrastructure.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70