Vulnerability Management, Patch/Configuration Management

Old OpenPLC ScadaBR flaw added to CISA KEV after hacktivist attack

binary code and magnifying glass

SecurityWeek reports that active abuse of the medium-severity OpenPLC ScadaBR cross-site scripting flaw, tracked as CVE-2021-26829, has prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the security weakness by Dec. 19.

Attacks involving the XSS vulnerability have been launched by pro-Russian hacktivist group TwoNet against a water treatment facility honeypot in October, according to Forescout, which noted the defacement of the related human-machine interface login page's description.

Despite the lack of real-world implications from the honeypot targeting, exploitation of CVE-2021-26829 was previously found to potentially enable arbitrary code execution and session takeovers. No other in-the-wild abuse of the flaw has been observed so far. Such a development comes as water sector industrial control systems and operational technology remain an attractive target for hacktivists.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds