CVE 8.7 HIGH

Improper neutralization of special elements used in an OS command (‘OS command injection’) in ScadaBR_CVE-2026-8603

May 19, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.

AI Analysis

OS Command Injection vulnerability allowing an attacker to execute commands as root on the SCADA system

Basic Information

ID CVE-2026-8603

Source icscert

Published May 19, 2026 at 17:03

Modified May 19, 2026 at 18:01

Affected Product

Vendor ScadaBR

Product ScadaBR

Version 1.2.0

Affected Versions ScadaBR ScadaBR 1.2.0

CWE Classification

CWE-78

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor ScadaBR

Product ScadaBR

Version 1.2.0

References

www.cisa.gov /news-events/ics-advisories/icsa-26-139-03

{
    "lastseen": "",
    "description": "In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.",
    "published": "2026-05-19T17:03:38.388Z",
    "modified": "2026-05-19T18:01:31.646Z",
    "type": "cve",
    "title": "Improper neutralization of special elements used in an OS command ('OS command injection') in ScadaBR",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-03",
    "id": "CVE-2026-8603",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "ScadaBR ScadaBR 1.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ScadaBR",
    "version": "1.2.0",
    "vendor": "ScadaBR",
    "ai_description": "OS Command Injection vulnerability allowing an attacker to execute commands as root on the SCADA system",
    "ai_severity": "High",
    "ai_vendor": "ScadaBR",
    "ai_product": "ScadaBR",
    "ai_version": "1.2.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply