CVE-2021-26828 : Security Advisory and Response

Learn about CVE-2021-26828 affecting OpenPLC ScadaBR versions through 0.9.1 on Linux and through 1.12.4 on Windows. Find out the impact, technical details, and mitigation steps.

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows has a vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

Understanding CVE-2021-26828

This section will cover details about the CVE-2021-26828 vulnerability and its impact.

What is CVE-2021-26828?

The CVE-2021-26828 vulnerability in OpenPLC ScadaBR allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

The Impact of CVE-2021-26828

The vulnerability enables authenticated remote attackers to upload and execute malicious JSP files, potentially leading to unauthorized system access and data breaches.

Technical Details of CVE-2021-26828

Here, we'll delve into the technical aspects of the CVE-2021-26828 vulnerability.

Vulnerability Description

The flaw allows authenticated remote attackers to upload and run arbitrary JSP files through the view_edit.shtm functionality.

Affected Systems and Versions

OpenPLC ScadaBR versions through 0.9.1 on Linux and through 1.12.4 on Windows are impacted by this vulnerability.

Exploitation Mechanism

Attackers with remote authenticated access can exploit this vulnerability by uploading malicious JSP files using the view_edit.shtm feature.

Mitigation and Prevention

In this section, we'll discuss steps to mitigate the risks associated with CVE-2021-26828.

Immediate Steps to Take

Users are advised to restrict access to the view_edit.shtm feature and monitor for any unauthorized file uploads.
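One way to monitor for the upload-then-execute pattern described above is to correlate web server access logs. This is an added example, not code from the advisory or from the ScadaBR project. It is a heuristic that flags clients that POST to view_edit.shtm and later receive a successful response for a JSP. It assumes common/combined log format, and the sample log lines, IP addresses and every path other than view_edit.shtm are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Access-log line in common/combined format (assumed):
# client ident user [timestamp] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log: documentation IP ranges and placeholder paths.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2021:09:59:00 +0000] "GET /app/other.jsp HTTP/1.1" 404 0
192.0.2.10 - - [10/Mar/2021:10:00:01 +0000] "POST /app/view_edit.shtm HTTP/1.1" 200 512
192.0.2.10 - - [10/Mar/2021:10:00:09 +0000] "GET /app/files/EXAMPLE.jsp;jsessionid=ABC?x=1 HTTP/1.1" 200 64
192.0.2.10 - - [10/Mar/2021:10:00:15 +0000] "GET /app/files/EXAMPLE2.%6Asp HTTP/1.1" 200 64
198.51.100.7 - - [10/Mar/2021:10:01:00 +0000] "POST /app/view_edit.shtm HTTP/1.1" 200 512
198.51.100.7 - - [10/Mar/2021:10:01:05 +0000] "GET /app/files/background.png HTTP/1.1" 200 2048
"""

def normalize(target):
    """Drop the query string and ;path-parameters, decode %xx, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return path.split(";", 1)[0].lower()

def find_suspect_jsp_requests(log_text):
    """Return (client, timestamp, raw_target) for each successful JSP request
    made by a client that earlier POSTed to view_edit.shtm."""
    posted = set()   # clients seen POSTing to view_edit.shtm
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, ts, method, target, status = m.groups()
        path = normalize(target)
        if method == "POST" and path.endswith("/view_edit.shtm"):
            posted.add(client)
        elif (path.endswith((".jsp", ".jspx")) and client in posted
              and status.startswith("2")):
            hits.append((client, ts, target))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_jsp_requests(SAMPLE_LOG):
        print("REVIEW:", *hit)
```

Legitimate view editing also POSTs to view_edit.shtm, so each hit is a lead for review rather than proof of compromise.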

Long-Term Security Practices

Implementing strict access controls, conducting regular security audits, and keeping systems up to date can enhance overall security posture.

Patching and Updates

Users should apply patches released by OpenPLC ScadaBR promptly to address the vulnerability and prevent exploitation.
