{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/scadabr-1.2.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["ScadaBR 1.2.0"],"_cs_severities":["critical"],"_cs_tags":["scada","ics","rce","command-injection"],"_cs_type":"advisory","_cs_vendors":["ScadaBR"],"content_html":"\u003cp\u003eScadaBR version 1.2.0 is affected by multiple vulnerabilities that could lead to unauthenticated remote code execution. These vulnerabilities include missing authentication for critical functions (CVE-2026-8602), OS command injection (CVE-2026-8603), cross-site request forgery (CSRF) (CVE-2026-8604), and the use of hard-coded credentials (CVE-2026-8605). Successful exploitation of these vulnerabilities could allow an attacker to inject arbitrary sensor readings, execute commands as root, trigger authenticated actions through a victim\u0026rsquo;s session, or access the SCADA system as an administrator. These vulnerabilities impact critical infrastructure sectors including Critical Manufacturing, Dams, Chemical, Energy, Water, and Wastewater, with deployments worldwide.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends an HTTP GET request to the SCADA system (CVE-2026-8602).\u003c/li\u003e\n\u003cli\u003eThe system, lacking proper authentication, accepts the request.\u003c/li\u003e\n\u003cli\u003eThe attacker injects arbitrary sensor readings into the SCADA system via the HTTP GET request (CVE-2026-8602).\u003c/li\u003e\n\u003cli\u003eAn attacker leverages the CSRF vulnerability (CVE-2026-8604) by luring a logged-in user to a malicious webpage.\u003c/li\u003e\n\u003cli\u003eThe malicious webpage triggers authenticated actions within the victim\u0026rsquo;s session without their knowledge or consent.\u003c/li\u003e\n\u003cli\u003eThe attacker exploits the OS command injection vulnerability (CVE-2026-8603) to execute commands as root on the SCADA system.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker utilizes hard-coded credentials (CVE-2026-8605) to gain administrative access to the SCADA system.\u003c/li\u003e\n\u003cli\u003eWith administrative access, the attacker manipulates critical control system functions, leading to potential disruption or damage.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can lead to severe consequences, including manipulation of sensor data, unauthorized command execution at the root level, and complete system takeover. Given the affected sectors (Critical Manufacturing, Dams, Chemical, Energy, Water and Wastewater), a successful attack could result in significant disruption to essential services, environmental damage, or even physical harm. The lack of vendor response further exacerbates the risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply network segmentation to minimize network exposure for all control system devices and ensure they are not directly accessible from the internet.\u003c/li\u003e\n\u003cli\u003ePlace control system networks and remote devices behind firewalls, isolating them from business networks as recommended by CISA.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious HTTP GET requests without proper authentication headers targeting ScadaBR instances to detect potential CVE-2026-8602 exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement stricter input validation and output encoding mechanisms to prevent OS command injection attacks as referenced in CVE-2026-8603 and CWE-78.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T16:16:18Z","date_published":"2026-05-19T16:16:18Z","id":"https://feed.craftedsignal.io/briefs/2026-05-scadabr-rce/","summary":"Multiple vulnerabilities exist in ScadaBR version 1.2.0, including CVE-2026-8602, CVE-2026-8603, CVE-2026-8604, and CVE-2026-8605, which could allow for unauthenticated remote code execution.","title":"ScadaBR Multiple Vulnerabilities Allow Remote Code Execution","url":"https://feed.craftedsignal.io/briefs/2026-05-scadabr-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — ScadaBR 1.2.0","version":"https://jsonfeed.org/version/1.1"}