CISA Advisory: Multiple Critical Vulnerabilities in ScadaBR
⚠ CISA reports multiple critical vulnerabilities in ScadaBR version 1.2.0, including missing authentication, OS command injection, CSRF, and hard-coded credentials. Successful exploitation could enable unauthenticated remote code execution, root command execution, arbitrary sensor injection, or full administrative access. The vendor did not respond to CISA requests; users should contact ScadaBR support and implement network-level mitigations immediately.
