CVE-2026-8605 CRITICAL

Published: 2026-05-19 | Last Modified: 2026-05-21 | Status: Analyzed

Description

In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin.

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.9

Base Score: 5.1 (MEDIUM)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector	NETWORK
Attack Complexity	LOW
Attack Requirements	NONE
Privileges Required	NONE
User Interaction	ACTIVE
Vulnerability Confidentiality	LOW
Vulnerability Integrity	LOW
Vulnerability Availability	NONE
Subsequent Confidentiality	LOW
Subsequent Integrity	LOW
Subsequent Availability	NONE

Source: [email protected]

Type: Secondary

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-798

Affected Products

Vendor	Product	Version	Update	Type
scadabr	scadabr	1.2	<built-in method update of dict object at 0x7b06a554ad40>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:scadabr:scadabr:1.2:::::::*`

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03
Source: [email protected]

Third Party Advisory US Government Resource