Today CISA announced that they had added a cross-site scripting vulnerability in the “OpenPLC ScadaBR” product to their Known Exploited Vulnerabilities catalog. ScadaBR reported the vulnerability in June of 2021 (with no mention of OpenPLC). On March 2nd, 2021, Fellipe Oliveira published two exploits (one for Windows, one for Linux) for the vulnerability. On October 9th of this year, Forescout’s Vedere Labs published a report about a ‘Russian-aligned group’ using this vulnerability to extend access to a honeypot (which they thought was a public water system), access that had initially been gained via default authentication.
According to the ScadaBR web site (Google translation from Portuguese), in the response to the initial report of this vulnerability by h3v0x (apparently Fellipe Oliveira):
“Here in Brazil, ScadaBR was discontinued by the developers; the last version was 1.1. ScadaBR is being continued, but not by Brazilian developers. The project has 20 contributors worldwide and is now called ScadaLTS.”
There are currently no security advisories for ScadaLTS, so maybe the vulnerability does not affect that version of the product.
CISA has directed federal agencies that are operating the affected ‘OpenPLC – ScadaBR’ product to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” A deadline of December 19th, 2025 has been set for compliance.