www.cisa.gov 5/19/2026, 6:02:12 PM

ScadaBR bugs allow unauthenticated remote code execution on SCADA


According to CISA, the ICS Advisory for ScadaBR warns that successful exploitation of the vulnerabilities could allow an attacker to perform unauthenticated remote code execution. The advisory lists ScadaBR version 1.2.0 as affected, tied to CVE-2026-8602, CVE-2026-8603, CVE-2026-8604 and CVE-2026-8605, with CVSS v3 base scores ranging from 6.1 to 9.1 and severities from MEDIUM to CRITICAL.

CVE-2026-8602 could let an unauthenticated attacker send HTTP GET requests to the SCADA system and inject arbitrary sensor readings, while CVE-2026-8603 enables OS command execution as root. CVE-2026-8604 concerns CSRF that can trigger authenticated actions, and CVE-2026-8605 involves the use of hard-coded credentials to gain admin access. The advisory notes that a vendor fix has not been provided and invites affected users to contact ScadaBR customer support via https://github[.]com/ScadaBR. No known public exploitation has been reported to CISA at this time.


Article by CyberSIXT