Old ScadaBR Flaw: Hackers’ Not-So-Grand Defacement Adventure!

Hackers defaced an industrial control system with an old OpenPLC ScadaBR flaw, CVE-2021-26829, now added to CISA’s Known Exploited Vulnerabilities catalog. Despite the attack’s lack of real-world impact, it highlights the appeal of targeting such systems with easy-to-exploit vulnerabilities. Remember, not all hackers are evil geniuses; some just want to leave their mark!

3P
Published: December 1, 2025 11:11 amAdded: December 1, 2025 at 3:31 amAssembled by: The Editor
Pro Dashboard

Hot Take:

**_Looks like the cyber baddies have discovered an oldie but a goodie! The forgotten ScadaBR vulnerability, CVE-2021-26829, is suddenly the star of the show thanks to some pro-Russia hacktivists who thought they were hacking into a real industrial control system. Spoiler alert: they were not._**

Key Points:

– CISA has added the ScadaBR flaw CVE-2021-26829 to its Known Exploited Vulnerabilities catalog.
– The vulnerability is a cross-site scripting (XSS) flaw patched in June 2021.
– The hacktivist group TwoNet exploited the vulnerability in a fake ICS setup, thinking it was the real deal.
– The attack only resulted in a defacement, indicating limited hacking skills.
– No significant real-world impact was observed, but it highlighted the potential for future attacks.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?