Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
|  | 1 | 5 | 0 | 30.2% | HIGH |

Related CVEs

5
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2026-8605 | In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin. | MEDIUM | 5.1 |  | 30.5% | May 19, 2026 |
| CVE-2026-8604 | In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage. | HIGH | 8.6 |  | 7.5% | May 19, 2026 |
| CVE-2026-8603 | In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system. | HIGH | 8.7 |  | 67.2% | May 19, 2026 |
| CVE-2026-8602 | In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send HTTP GET requests to the SCADA system and inject arbitrary sensor readings. | HIGH | 8.8 |  | 35.8% | May 19, 2026 |
| CVE-2025-70973 | ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs in, allowing an attacker who knows the session ID to hijack an authenticated session. | MEDIUM | 4.8 |  | 10.0% | Mar 9, 2026 |