CISA added a critical cross-site scripting vulnerability in OpenPLC ScadaBR to its Known Exploited Vulnerabilities catalog on November 28, 2025, confirming that attackers are actively exploiting it. The flaw (CVE-2021-26829) allows remote attackers to inject malicious scripts through the system settings interface, potentially letting them hijack user sessions, steal credentials, or modify critical SCADA configurations.
The vulnerability affects industrial control systems widely used in automation research and implementation. Federal agencies must patch by December 19, 2025. CISA recommends immediately applying vendor patches, reviewing third-party usage, or discontinuing the product if fixes aren't available.
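The page describes the flaw only as script injection through a stored system setting, so the following is an added illustration of that bug class and its standard mitigation, not code from ScadaBR or the advisory. The settings record, the field names, and both render functions are constructed for the example; the defensive point is that stored values must be HTML-encoded at the output boundary, and that stored settings are worth auditing for embedded markup when a deployment is suspected of having been exposed.

```python
import html
import re

# Constructed sample record, as an administrator might have saved it in a
# settings page. The third value carries embedded markup (hypothetical data).
SAMPLE_SETTINGS = {
    "instance_name": "Plant-A ScadaBR",
    "contact_email": "ops@example.invalid",
    "banner_text": "Welcome <script>alert(1)</script>",
}


def render_setting_unsafe(name, value):
    """Vulnerable pattern: a stored value is interpolated into HTML verbatim,
    so any markup an attacker managed to store runs in every viewer's browser."""
    return f"<tr><td>{name}</td><td>{value}</td></tr>"


def render_setting_safe(name, value):
    """Hardened pattern: encode both name and value at the point of output.
    html.escape turns <, >, &, and quotes into entities, so the browser
    displays the text instead of interpreting it."""
    return f"<tr><td>{html.escape(name)}</td><td>{html.escape(value)}</td></tr>"


# Coarse heuristic for markup or script-like fragments in stored text: an HTML
# tag, a javascript: URL scheme, or an inline event-handler attribute.
_MARKUP = re.compile(
    r"<\s*/?\s*[a-zA-Z][^>]*>|javascript\s*:|\bon[a-z]+\s*=",
    re.IGNORECASE,
)


def audit_settings(settings):
    """Return the keys of stored settings whose values look like markup.
    Intended for incident review: a hit does not prove compromise, but a
    settings field that should hold plain text and contains a tag deserves
    a look."""
    return sorted(k for k, v in settings.items() if _MARKUP.search(v))


def render_settings_page(settings):
    """Render the whole settings table using only the safe renderer."""
    rows = "".join(render_setting_safe(k, v) for k, v in settings.items())
    return f"<table>{rows}</table>"


if __name__ == "__main__":
    for key, val in SAMPLE_SETTINGS.items():
        print("UNSAFE:", render_setting_unsafe(key, val))
        print("SAFE:  ", render_setting_safe(key, val))
    print("flagged for review:", audit_settings(SAMPLE_SETTINGS))
```

Output encoding is the fix the vulnerable pattern needs; the audit helper is a separate, deliberately coarse check for defenders reviewing an instance that was reachable by untrusted users before patching.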
Source: Cybersecurity News