CISA Adds Critical Industrial Control System Vulnerability to Active Threat List

CISA alerts on critical XSS flaw in OpenPLC ScadaBR, urging immediate patching to prevent session hijacking and credential theft.

By Content Team

Nov 30, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

CISA added a critical cross-site scripting vulnerability in OpenPLC ScadaBR to its Known Exploited Vulnerabilities catalog on November 28, 2025, confirming attackers are actively using it. The flaw (CVE-2021-26829) allows remote attackers to inject malicious scripts through the system settings interface, potentially letting them hijack user sessions, steal credentials, or modify critical SCADA configurations.

The vulnerability targets industrial control systems widely used in automation research and implementation. Federal agencies must patch by December 19, 2025. CISA recommends immediately applying vendor patches, reviewing third-party usage, or discontinuing the product if fixes aren't available.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Hackers Selling $220,000 Windows Zero-Day Exploit on Dark Web

Mar 9, 2026

German Police Rush to Warn Companies About Critical PTC Software Vulnerability

Mar 29, 2026

Inside the High-Stakes World of Ransomware Negotiations

Dec 30, 2025

ShinyHunters Cybercriminals Expand Cloud-Targeting Extortion Operations

Feb 2, 2026