Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-8603: ScadaBR 1.2.0: Unauthenticated root access via OS command injection

CVE-2026-8603

Summary

An attacker can execute system commands with root privileges on the SCADA system. This could allow unauthorized access and control of the system. Update to the latest version of ScadaBR to fix this vulnerability.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions
scadabr	scadabr	1.2 `cpe:2.3:a:scadabr:scadabr:1.2:::::::*`

Original title

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.

Original description

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.

nvd CVSS4.0 8.7

Vulnerability type

CWE-78 OS Command Injection

https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03

Published: 19 May 2026 · Updated: 28 May 2026 · First seen: 19 May 2026