CISA Adds Actively Exploited XSS Bug in OpenPLC ScadaBR to KEV
Summary
CISA has added CVE-2021-26829, a cross-site scripting (XSS) flaw in OpenPLC ScadaBR, to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. The vulnerability affects Windows and Linux versions of the software and has been exploited by the pro-Russian hacktivist group TwoNet in a recent attack. Federal agencies are required to apply fixes by December 19, 2025. Additionally, VulnCheck observed a long-running OAST service driving exploit operations targeting Brazil.
Timeline
- 30.11.2025 11:23 (1 article): CISA Adds Actively Exploited XSS Bug in OpenPLC ScadaBR to KEV
- CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV — thehackernews.com — 30.11.2025 11:23
Information Snippets
- CVE-2021-26829 is a cross-site scripting (XSS) flaw in OpenPLC ScadaBR with a CVSS score of 5.4.
  First reported: 30.11.2025 11:23 (1 source, 1 article)
  - CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV — thehackernews.com — 30.11.2025 11:23
- The vulnerability affects OpenPLC ScadaBR through 1.12.4 on Windows and through 0.9.1 on Linux.
  First reported: 30.11.2025 11:23 (1 source, 1 article)
  - CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV — thehackernews.com — 30.11.2025 11:23
- TwoNet exploited CVE-2021-26829 to deface a honeypot system and disable logs and alarms.
  First reported: 30.11.2025 11:23 (1 source, 1 article)
  - CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV — thehackernews.com — 30.11.2025 11:23
- Federal agencies must apply fixes by December 19, 2025, to mitigate the risk.
  First reported: 30.11.2025 11:23 (1 source, 1 article)
  - CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV — thehackernews.com — 30.11.2025 11:23
- VulnCheck observed a long-running OAST service on Google Cloud driving exploit operations targeting Brazil.
  First reported: 30.11.2025 11:23 (1 source, 1 article)
  - CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV — thehackernews.com — 30.11.2025 11:23
- The OAST service has been active since at least November 2024 and has attempted to exploit over 200 CVEs.
  First reported: 30.11.2025 11:23 (1 source, 1 article)
  - CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV — thehackernews.com — 30.11.2025 11:23