CVE 9.9 CRITICAL

ScadaBR Authenticated Remote Code Execution_CVE-2026-9645

May 28, 2026 invoker category_cve

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root.

AI Analysis

Authenticated users can execute arbitrary JavaScript code on the server, allowing for complete system compromise.

Basic Information

ID CVE-2026-9645

Source tenable

Published May 28, 2026 at 20:30

Modified May 28, 2026 at 20:32

Affected Product

Vendor ScadaBR

Product ScadaBR

Version 1.2.0

Affected Versions ScadaBR ScadaBR 1.2.0

CWE Classification

CWE-78

AI Assessment

AI Score 9.9 / 10

AI Severity Critical

Vendor ScadaBR

Product ScadaBR

Version 1.2.0

References

www.tenable.com /security/research/tra-2026-46

{
    "lastseen": "",
    "description": "Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root.",
    "published": "2026-05-28T20:30:13.813Z",
    "modified": "2026-05-28T20:32:50.620Z",
    "type": "cve",
    "title": "ScadaBR Authenticated Remote Code Execution",
    "source": "tenable",
    "references": "https://www.tenable.com/security/research/tra-2026-46",
    "id": "CVE-2026-9645",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "ScadaBR ScadaBR 1.2.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ScadaBR",
    "version": "1.2.0",
    "vendor": "ScadaBR",
    "ai_description": "Authenticated users can execute arbitrary JavaScript code on the server, allowing for complete system compromise.",
    "ai_severity": "Critical",
    "ai_vendor": "ScadaBR",
    "ai_product": "ScadaBR",
    "ai_version": "1.2.0",
    "ai_score": 9.9
}

💭 Join the Security Discussion ❌ Cancel Reply