Description
In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin.
Published: 2026-05-19
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a use of hard‑coded credentials in ScadaBR version 1.2.0. An attacker who is able to locate or otherwise extract these credentials can authenticate to the SCADA system as an administrator, gaining full control over configuration, monitoring, and potential command execution. The effect is an elevation of privilege that compromises both the confidentiality of operational data and the integrity and availability of the control system.

Affected Systems

The affected product is ScadaBR by ScadaBR, specifically the 1.2.0 release. No other versions are listed as impacted.

Risk and Exploitability

The CVSS score of 5.1 indicates a medium severity, and the vulnerability is not included in the CISA KEV catalog. An exploitation path likely requires that an attacker can access the application, read its configuration or binary files, or otherwise reverse engineer the hard‐coded credentials. This could be achieved via local access or across a network where the application files are exposed. The lack of an EPSS score means the current exploit probability is unknown, but the use of hard‑coded credentials represents a predictable weakness that could be leveraged if the attacker has any level of access to the system.

Generated by OpenCVE AI on May 19, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update ScadaBR to a version that removes hard‑coded credentials; if no update is available, contact the vendor for a patch.
  • If an update is not possible, immediately change any default or hard‑coded administrator passwords to unique, strong credentials and disable unused administrative accounts.
  • Restrict network access to the ScadaBR management interface using firewalls, VPNs, or access control lists to limit exposure to trusted users only.

Advisories

No advisories yet.

History

Tue, 19 May 2026 19:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 19 May 2026 18:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Scadabr; Scadabr scadabr
Vendors & Products | | Scadabr; Scadabr scadabr

Tue, 19 May 2026 17:45:00 +0000

Type | Values Removed | Values Added
Description | | In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin.
Title | | Use of Hard-coded Credentials in ScadaBR
Weaknesses | | CWE-798
References | |
Metrics | | cvssV4_0 {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-05-19T17:58:03.116Z

Reserved: 2026-05-14T15:25:12.004Z

Link: CVE-2026-8605

Vulnrichment

Updated: 2026-05-19T17:57:56.061Z

NVD

Status: Awaiting Analysis

Published: 2026-05-19T18:16:32.193

Modified: 2026-05-19T21:01:28.183

Link: CVE-2026-8605

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T18:30:11Z

Weaknesses