CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog to include a significant security flaw affecting OpenPLC ScadaBR. This update comes after evidence showed that the vulnerability is being actively exploited in the wild. The flaw, identified as CVE-2021-26829, is a cross-site scripting (XSS) vulnerability with a CVSS score of 5.4. It impacts both Windows and Linux versions of the OpenPLC ScadaBR software.
This addition to the KEV catalog highlights the ongoing risks associated with this vulnerability. Cross-site scripting flaws like CVE-2021-26829 allow attackers to inject malicious scripts into web applications, potentially compromising user data or system integrity. The fact that this vulnerability is actively exploited means that organizations using OpenPLC ScadaBR must take immediate action to mitigate the risk.
Details on the CVE-2021-26829 Vulnerability in OpenPLC ScadaBR
The CVE-2021-26829 vulnerability affects OpenPLC ScadaBR, a software platform used for industrial control systems. This cross-site scripting flaw enables attackers to execute malicious scripts within the context of the affected application. Both Windows and Linux versions of OpenPLC ScadaBR are vulnerable, which broadens the scope of potential targets.
Because the vulnerability is actively exploited, it poses a real and present danger to users of the software. Attackers can leverage this XSS flaw to perform unauthorized actions, steal sensitive information, or disrupt normal operations. The CVSS score of 5.4 falls in the medium severity range, but the active exploitation elevates the urgency for remediation.
Implications of CISA Adding Actively Exploited Vulnerabilities to KEV
By adding CVE-2021-26829 to its Known Exploited Vulnerabilities catalog, CISA is signaling the critical need for organizations to address this security issue promptly. The KEV catalog serves as a resource for cybersecurity professionals and organizations to prioritize patching and mitigation efforts against vulnerabilities known to be exploited in real-world attacks.
The inclusion of this XSS bug in OpenPLC ScadaBR underscores the importance of maintaining up-to-date security practices. Organizations running this software should review their systems, apply any available patches, and implement protective measures to reduce exposure to this threat. Ignoring such vulnerabilities can lead to severe consequences, including data breaches and operational disruptions.
In summary, CISA adds actively exploited vulnerabilities like CVE-2021-26829 to its KEV catalog to help organizations stay informed and prepared. The cross-site scripting flaw in OpenPLC ScadaBR affects multiple operating systems and is currently being exploited, making it essential for users to take immediate action to secure their environments.
