
CISA Adds Actively Exploited XSS Vulnerability in OpenPLC ScadaBR to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability in OpenPLC ScadaBR, tracked as CVE-2021-26829 with a CVSS score of 5.4, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw affects both the Windows and Linux versions of the software and allows an attacker to execute malicious scripts in the context of a victim's browser. Evidence of active exploitation is what prompted CISA to add it to the catalog, which underscores the urgency of remediation.

OpenPLC ScadaBR is an open-source implementation of the PLC standard, commonly used in industrial automation and control systems. The XSS vulnerability could be exploited through crafted links or script injection, potentially leading to session hijacking or unauthorized actions within the HMI (Human-Machine Interface). Although the CVSS score does not indicate critical severity, the operational impact in industrial control environments can be significant, given the potential for process disruption or safety incidents. Organizations running OpenPLC ScadaBR should prioritize patching or, where patching is not immediately possible, apply mitigations such as network segmentation and browser security controls.

CISA's action falls under Binding Operational Directive 22-01, which requires federal agencies to remediate vulnerabilities listed in the KEV catalog. Private sector organizations, particularly those in critical infrastructure sectors, should also assess their exposure and take appropriate action to mitigate the risk posed by this actively exploited vulnerability.