CISA Warns of OpenPLC ScadaBR Vulnerability After ICS Attack

CISA has warned of a flaw known as the ‘OpenPLC ScadaBR’ flaw, tracked as CVE-2021-26829, that was recently leveraged by hackers to deface an industrial control system (ICS), which means it is related to critical infrastructure.

More details here: https://www.cisa.gov/news-events/alerts/2025/11/28/cisa-adds-one-known-exploited-vulnerability-catalog

Martin Jartelius, AI Product Director at Outpost24, provided the following comments:

“This vulnerability is four years old, and while the project is still in use, it has largely been replaced by other solutions for many users. Both existing vulnerabilities in the platform require authentication, and the observed intrusion occurred in a honeypot, meaning it must have been configured with an intentionally weak or default password. The group then opted for “defacement,” meaning they changed the appearance of the application rather than abusing the known file-upload issue to achieve code execution on the system.

“As it is an ICS system, the incident is serious, but the key lesson is not to fear this outdated, unpatched system itself. Instead, we should recognize that there are attackers driven by hacktivism or simple cyber-vandalism actively looking for these types of exposed systems. These systems should never be exposed to the internet; organizations must adhere to ICS-CERT guidelines for proper isolation. We must also remember that this incident was visible. If someone had simply logged in and changed settings, there would have been no visual indication.

“Over the years, we have seen small power plants with currents and frequency controls exposed directly to the internet — these systems are not toys, and to repeat myself, they should never be accessible without strict isolation and must not have direct internet exposure.”

This should highlight the need to protect critical infrastructure at all costs. Hopefully it doesn’t take a significant incident to get that message through.
