ScadaBR
Summary
Multiple vulnerabilities have been identified in ScadaBR version 1.2.0, including Missing Authentication for Critical Function, OS Command Injection, Cross-Site Request Forgery, and Use of Hard-coded Credentials. Successful exploitation of these flaws could enable an unauthenticated attacker to execute remote code.
IFF Assessment
The vulnerabilities allow unauthenticated remote code execution and other critical security failures, posing a significant risk to the organizations that operate and defend affected ScadaBR deployments.
Severity
The CVSS score of 9.1 reflects the critical severity of the identified vulnerabilities, particularly the potential for unauthenticated remote code execution and the wide impact across critical infrastructure sectors.
Defender Context
Defenders should be aware of these critical vulnerabilities affecting ScadaBR systems, which are deployed in vital sectors such as energy and water. Prioritizing patching, or implementing mitigating controls where patching is not yet possible (for example, restricting network access to the ScadaBR web interface to trusted hosts), is essential to prevent exploitation that could lead to operational disruption or system compromise.