CVE-2026-9645
ScadaBR · ScadaBR
ScadaBR contains a vulnerability where authenticated users can execute arbitrary JavaScript on the server, resulting in remote code execution with root privileges.
Executive summary
A critical OS command injection vulnerability in ScadaBR allows authenticated attackers to execute arbitrary code and gain root-level access.
Vulnerability
The application contains exposed methods that fail to neutralize malicious input, leading to OS command injection (CWE-78). An authenticated user can leverage this to execute JavaScript, which is subsequently interpreted as system commands running with root privileges.
Business impact
Rated at 9.9 (Critical), this vulnerability allows for complete system compromise. Since the injected commands execute with root-level privileges, an attacker can gain total control over the server, exfiltrate sensitive process data, or sabotage industrial control systems managed by the ScadaBR platform.
Remediation
Immediate Action: Apply the latest security patch or update to the version recommended by the ScadaBR vendor.
Proactive Monitoring: Review system logs for unauthorized script execution or unexpected processes spawned by the ScadaBR application service.
Compensating Controls: Restrict access to the ScadaBR interface to trusted users only and implement strict network segmentation to limit the blast radius of a potential compromise.
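The "Proactive Monitoring" item above asks for a review of unexpected processes spawned by the ScadaBR service. The following Python script is an added example, not part of this advisory and not ScadaBR's own tooling: it audits a `ps -eo pid,ppid,user,comm,args` snapshot, locates the service process (assumed here to be a Java process whose command line mentions "ScadaBR", a hypothetical marker you would adjust to the real deployment), flags any shell or interpreter running as its descendant, and notes when the service itself runs as root, since root execution is what turns the injection into full host compromise. The process listing embedded below is constructed for the example.

```python
"""Audit a process snapshot for unexpected children of the ScadaBR service.

Added example (not from the advisory or the ScadaBR project). Assumptions:
  - the service is a Java process whose args contain SERVICE_MARKER
    (hypothetical marker; match it to your deployment),
  - the snapshot is the output of `ps -eo pid,ppid,user,comm,args`.
"""
from __future__ import annotations

from dataclasses import dataclass

SERVICE_MARKER = "ScadaBR"

# Commands a SCADA web application has no business launching. This is an
# assumed baseline; extend it with whatever the deployment legitimately runs.
SUSPICIOUS_COMMS = {"sh", "bash", "dash", "zsh", "python", "python3", "perl",
                    "nc", "ncat", "socat", "curl", "wget"}

# Constructed sample snapshot: a root-owned Tomcat hosting ScadaBR has two
# shells as direct children, which the audit should flag.
SAMPLE_PS = """\
    PID    PPID USER     COMMAND         COMMAND
      1       0 root     systemd         /sbin/init
    845       1 root     java            /usr/bin/java -Dcatalina.base=/opt/ScadaBR/tomcat org.apache.catalina.startup.Bootstrap start
    901     845 root     sh              sh -c uname -a
    902     901 root     uname           uname -a
    903     845 root     sh              sh -c id
    910       1 postgres postgres        /usr/lib/postgresql/14/bin/postgres
"""


@dataclass
class Proc:
    pid: int
    ppid: int
    user: str
    comm: str
    args: str


def parse_ps(snapshot: str) -> dict[int, Proc]:
    """Parse `ps -eo pid,ppid,user,comm,args` output, skipping the header."""
    procs: dict[int, Proc] = {}
    for line in snapshot.strip().splitlines()[1:]:
        parts = line.split(None, 4)  # args may contain spaces: split at most 4 times
        if len(parts) < 5:
            continue
        pid, ppid, user, comm, args = parts
        procs[int(pid)] = Proc(int(pid), int(ppid), user, comm, args)
    return procs


def find_service(procs: dict[int, Proc], marker: str = SERVICE_MARKER) -> Proc | None:
    """Return the Java process whose command line mentions the marker, if any."""
    for p in procs.values():
        if p.comm == "java" and marker in p.args:
            return p
    return None


def descendants(procs: dict[int, Proc], root_pid: int) -> list[Proc]:
    """All processes transitively parented by root_pid."""
    found, stack = [], [root_pid]
    while stack:
        cur = stack.pop()
        for p in procs.values():
            if p.ppid == cur:
                found.append(p)
                stack.append(p.pid)
    return found


def audit(snapshot: str, marker: str = SERVICE_MARKER) -> list[tuple[str, int, str]]:
    """Return (finding, pid, command line) tuples for anything worth a look."""
    procs = parse_ps(snapshot)
    svc = find_service(procs, marker)
    findings: list[tuple[str, int, str]] = []
    if svc is None:
        return findings
    if svc.user == "root":
        findings.append(("service_runs_as_root", svc.pid, svc.args))
    for child in descendants(procs, svc.pid):
        if child.comm in SUSPICIOUS_COMMS:
            findings.append(("unexpected_child", child.pid, child.args))
    return findings


if __name__ == "__main__":
    for kind, pid, cmdline in audit(SAMPLE_PS):
        print(f"{kind:22} pid={pid:<6} {cmdline}")
```

Run it periodically against a live snapshot (`ps -eo pid,ppid,user,comm,args`) or feed it into the same place as the application logs; a service that never legitimately forks a shell should produce no `unexpected_child` findings, and a `service_runs_as_root` finding is a reason to move the service to a dedicated unprivileged account.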
Exploitation status
Public Exploit Available: No
Analyst recommendation
This is an extremely severe vulnerability that grants root access to the underlying system. Immediate patching is mandatory; until patches can be applied, ensure that access to the ScadaBR interface is strictly controlled and monitored to prevent exploitation by malicious actors.