

Ethical Hacking News

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV: A Critical Security Alert for Industrial Control Systems




A critical security alert has been issued regarding OpenPLC ScadaBR due to the addition of CVE-2021-26829 to the Known Exploited Vulnerabilities (KEV) catalog. This cross-site scripting bug has a CVSS score of 5.4 and affects both Windows and Linux versions of the software. Industrial control systems are at risk, emphasizing the need for timely patching and proactive vulnerability management.

The development comes as threat actors continue to target industrial control systems using sophisticated TTPs. Hacktivist groups like TwoNet are increasingly exploiting vulnerabilities in these systems, highlighting the importance of staying informed about newly discovered vulnerabilities and applying patches in a timely manner.

FCEB agencies are required to apply fixes for CVE-2021-26829 by December 19, 2025, for optimal protection, and organizations operating industrial control systems must likewise prioritize vulnerability management and implement robust security measures to mitigate these risks. The addition of this bug serves as a reminder that industrial control systems are critical infrastructure targets for malicious actors.

Stay informed about the latest vulnerabilities and apply patches in a timely manner to prevent potential breaches. Prioritize proactive security awareness and culture within your organization to ensure optimal protection against these evolving threats.

  • The latest vulnerability, CVE-2021-26829, has been added to the Known Exploited Vulnerabilities (KEV) catalog, highlighting the importance of timely patching and proactive vulnerability management.
  • The bug has a CVSS score of 5.4 and affects both Windows and Linux versions of OpenPLC ScadaBR: through 1.12.4 on Windows and through 0.9.1 on Linux.
  • Threat actors are increasingly targeting industrial control systems using sophisticated tactics, techniques, and procedures (TTPs).
  • A recent exploit operation by pro-Russian hacktivist group TwoNet used CVE-2021-26829 to breach a honeypot system.
  • Bad actors are leveraging legitimate internet services like Google Cloud infrastructure to evade detection and blend in with normal network traffic.
  • Federal Civilian Executive Branch (FCEB) agencies must apply necessary fixes by December 19, 2025, for optimal protection.
  • Industrial control systems are critical infrastructure targets for malicious actors, emphasizing the need for organizations to prioritize vulnerability management and implement robust security measures.



    The cybersecurity landscape has been marked by an influx of newly discovered vulnerabilities and actively exploited threats, with the latest development being the addition of a critical cross-site scripting (XSS) bug, CVE-2021-26829, in OpenPLC ScadaBR to the Known Exploited Vulnerabilities (KEV) catalog. This update has significant implications for industrial control systems, as it highlights the importance of timely patching and proactive vulnerability management.

    The vulnerability in question, CVE-2021-26829, has a CVSS score of 5.4, which indicates its potential severity and impact on affected systems. The bug is present in both Windows and Linux versions of OpenPLC ScadaBR: it affects OpenPLC ScadaBR through 1.12.4 on Windows and through 0.9.1 on Linux.

    The addition of CVE-2021-26829 to the KEV catalog comes at a time when threat actors are increasingly targeting industrial control systems, often using sophisticated tactics, techniques, and procedures (TTPs). The recent compromise by pro-Russian hacktivist group TwoNet, which targeted Forescout's honeypot, exemplifies this trend. TwoNet's attack chain involved exploiting CVE-2021-26829 to deface the HMI login page description and modify system settings, ultimately breaching the honeypot system.

    The activities of TwoNet are part of a broader concern regarding the rise of hacktivist groups, which often blend legitimate hacking practices with attention-grabbing claims around industrial systems. These groups frequently exploit vulnerabilities in software applications, such as OpenPLC ScadaBR, to execute malicious operations.

    Furthermore, an ongoing Out-of-Band Application Security Testing (OAST) endpoint on Google Cloud has been observed driving a regionally-focused exploit operation, with roughly 1,400 exploit attempts spanning more than 200 CVEs linked to this infrastructure. The activity is aimed at Brazil and involves exploiting a flaw in the OAST system, which would issue an HTTP request to one of the attacker's OAST subdomains if successful.

    The involvement of U.S.-based Google Cloud infrastructure in these activities underscores how bad actors are leveraging legitimate internet services to evade detection and blend in with normal network traffic. The use of OAST callbacks associated with the domain dates back to at least November 2024, suggesting that this activity has been ongoing for about a year.

    The attacks by TwoNet and other hacktivist groups exemplify the evolving threat landscape, where both nation-state actors and non-state entities engage in sophisticated cyberattacks against industrial control systems. The exploitation of CVE-2021-26829 highlights the need for timely patching and proactive vulnerability management to mitigate these risks.

    In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary fixes by December 19, 2025, for optimal protection. This emphasizes the importance of staying informed about newly discovered vulnerabilities and applying patches in a timely manner to prevent potential breaches.
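    As an added example (not code from the article or from CISA), the sketch below triages an asset inventory against the affected version ranges and the December 19, 2025 due date stated above. The KEV record uses the field names of CISA's KEV JSON feed with values taken from this article; the inventory hosts and versions are constructed.

```python
from datetime import date

# KEV-style record: field names as in CISA's KEV JSON feed, values from the article.
KEV_ENTRY = {"cveID": "CVE-2021-26829", "vendorProject": "OpenPLC",
             "product": "ScadaBR", "dueDate": "2025-12-19"}

# Affected ceilings as stated in the article ("through" means inclusive).
AFFECTED_THROUGH = {"windows": "1.12.4", "linux": "0.9.1"}

# Constructed inventory: hypothetical hosts and versions, for illustration only.
INVENTORY = [
    {"host": "hmi-01", "product": "ScadaBR", "platform": "windows", "version": "1.12.4"},
    {"host": "hmi-02", "product": "ScadaBR", "platform": "linux", "version": "0.9.1"},
    {"host": "hmi-03", "product": "ScadaBR", "platform": "linux", "version": "0.9.2"},
    {"host": "hist-01", "product": "OtherHistorian", "platform": "linux", "version": "0.1.0"},
    {"host": "hmi-04", "product": "ScadaBR", "platform": "windows", "version": "unknown"},
]

def parse_version(text):
    """Turn '1.12.4' into (1, 12, 4); return None if any part is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory, entry, today):
    """Return (host, status, days_left) for every install of the KEV product."""
    days_left = (date.fromisoformat(entry["dueDate"]) - today).days
    findings = []
    for asset in inventory:
        if asset["product"].lower() != entry["product"].lower():
            continue  # different product, out of scope for this KEV entry
        ceiling = AFFECTED_THROUGH.get(asset["platform"].lower())
        version = parse_version(asset["version"])
        if ceiling is None or version is None:
            status = "review"  # cannot decide automatically, keep it open
        elif version <= parse_version(ceiling):
            status = "overdue" if days_left < 0 else "affected"
        else:
            status = "not-affected"
        findings.append((asset["host"], status, days_left))
    return findings

if __name__ == "__main__":
    for row in triage(INVENTORY, KEV_ENTRY, date(2025, 11, 30)):
        print(*row)
```

    Installs with an unparseable version are reported as "review" rather than silently passed, since an unknown version cannot be shown to be outside the affected range.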

    The recent developments surrounding CVE-2021-26829 and related exploit operations serve as a reminder that industrial control systems are critical infrastructure targets for malicious actors. As such, it is essential for organizations operating these systems to prioritize vulnerability management, implement robust security measures, and foster a culture of proactive security awareness.

    In conclusion, the addition of CVE-2021-26829 in OpenPLC ScadaBR to the KEV catalog underscores the importance of vigilance in identifying and addressing vulnerabilities that could be exploited by malicious actors. As the threat landscape continues to evolve, it is crucial for organizations to remain informed about newly discovered vulnerabilities and apply patches in a timely manner.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/CISA-Adds-Actively-Exploited-XSS-Bug-CVE-2021-26829-in-OpenPLC-ScadaBR-to-KEV-A-Critical-Security-Alert-for-Industrial-Control-Systems-ehn.shtml

  • https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html


  • Published: Sun Nov 30 03:49:28 2025 by llama3.2 3B Q4_K_M












