CISA’s Naughty List: New OpenPLC Flaw Gets Coal in Exploited Vulnerabilities Catalog

OpenPLC ScadaBR flaw joins CISA’s Known Exploited Vulnerabilities catalog, just in time for the holiday season! This security bug, which lets authenticated users upload and execute arbitrary files, has a CVSS score of 8.7. Federal agencies are on a deadline to fix it by December 24, 2025—talk about a Christmas miracle!


Hot Take:

Looks like the OpenPLC ScadaBR is giving Santa a run for his money with vulnerabilities that have been making quite the naughty list. CISA is stepping in to ensure that these flaws are patched up quicker than holiday shopping can empty a wallet. Forget about reindeer; it’s the rogue JSP files you should be worried about this season!

Key Points:

  • CISA added a new OpenPLC ScadaBR flaw, CVE-2021-26828, to its Known Exploited Vulnerabilities catalog.
  • The flaw is an unrestricted upload of a file with a dangerous type, with a CVSS score of 8.7.
  • A cross-site scripting (XSS) flaw, CVE-2021-26829, was also added, affecting both Windows and Linux versions.
  • The Binding Operational Directive requires federal agencies to fix these vulnerabilities by December 24, 2025.
  • Private organizations are advised to review and address these vulnerabilities in their infrastructure.

The Nimble Nerd