OpenPLC ScadaBR Vulnerability Wreaks Havoc on Industrial Systems

A four-year-old cross-site scripting (XSS) vulnerability in OpenPLC ScadaBR has resurfaced, making industrial systems more susceptible to cyber attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies and critical infrastructure operators to patch immediately.

The XSS vulnerability allows attackers to inject malicious scripts that can execute in users’ browsers, potentially leading to session hijacking or data theft. OpenPLC ScadaBR is an open-source supervisory control and data acquisition (SCADA) system used in various industrial environments.

Recent attacks by pro-Russian hacktivist group TwoNet have highlighted the risks of this vulnerability. The group has been linked to previous disruptions in Ukraine and elsewhere, and its tactics mirror those used in hybrid warfare, where cyber operations disrupt civilian infrastructure to sow chaos.

To counter these threats, organizations must adopt rigorous vulnerability management practices, including applying patches promptly, isolating affected systems, and monitoring for anomalous activity. Upgrading to a release that contains the fix is crucial, as is deploying a web application firewall to filter malicious inputs.
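To make the XSS mechanism and the mitigations above concrete, here is an added, generic example. It is not code from OpenPLC ScadaBR and does not reproduce that product's flaw; it shows the class of bug (untrusted input concatenated into HTML) next to the encoding fix, the response headers a hardened deployment would send, and a simple access-log check of the kind a defender might run while monitoring for anomalous activity. The log lines, the cookie name `session`, and the header values are constructed for this illustration.

```python
"""Generic XSS illustration: vulnerable rendering, encoded rendering,
defense-in-depth headers, and a small access-log check.

Added example. Not OpenPLC ScadaBR code; all sample data is constructed.
"""
import html
import re
from urllib.parse import unquote

# Constructed sample of an attacker-controlled value (e.g. a display name
# submitted through a form) that a page later echoes back to other users.
SAMPLE_NAME = "<script>alert(1)</script>"


def render_unsafe(name: str) -> str:
    """Vulnerable pattern: untrusted text dropped straight into markup.
    The browser parses the injected tag and runs it in the victim's session."""
    return f"<p>Welcome, {name}</p>"


def render_safe(name: str) -> str:
    """Hardened pattern: contextual output encoding for the HTML body.
    The same bytes are now displayed as text instead of parsed as a tag."""
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


def has_script_element(markup: str) -> bool:
    """True if the rendered markup still contains a live <script> start tag."""
    return re.search(r"<script\b", markup, re.IGNORECASE) is not None


def security_headers(session_id: str) -> dict:
    """Defense-in-depth response headers for a web console (example values).
    CSP blocks inline script even if encoding is missed somewhere;
    HttpOnly keeps a successful injection from reading the session cookie."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
        "Set-Cookie": f"session={session_id}; HttpOnly; Secure; SameSite=Strict",
    }


# Constructed access-log lines in Apache/nginx common format.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /login?user=alice HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2025:10:00:05 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2025:10:00:09 +0000] "POST /update HTTP/1.1" 302 0',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3})')

# Markers that have no business appearing in a URL of a SCADA web console.
XSS_MARKERS = ("<script", "javascript:", "onerror=", "onload=")


def flag_suspicious(log_lines):
    """Return (client_ip, decoded_path) for requests whose URL-decoded path
    carries script-like content. Percent-decoding matters: the raw line
    hides the payload behind %3C/%3E, so matching the raw text would miss it."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these too
        ip, _method, path, _status = m.groups()
        decoded = unquote(path).lower()
        if any(marker in decoded for marker in XSS_MARKERS):
            hits.append((ip, unquote(path)))
    return hits


if __name__ == "__main__":
    print("unsafe :", render_unsafe(SAMPLE_NAME))
    print("safe   :", render_safe(SAMPLE_NAME))
    for ip, path in flag_suspicious(SAMPLE_LOG):
        print(f"flagged request from {ip}: {path}")
```

Output encoding is the actual fix; the CSP, `HttpOnly` cookie flag and log check only limit the blast radius and shorten the time to detection, which is why the article's advice to upgrade to a fixed release comes first.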

The incident underscores the need for a culture of proactive patching and threat hunting, and highlights the importance of layered defenses, regular penetration testing, and threat intelligence sharing. The cybersecurity community must stay vigilant to address emerging threats like this before exploitation escalates, safeguarding critical systems that underpin modern life.

Source: https://www.webpronews.com/cisa-adds-cve-2021-26829-to-kev-catalog-amid-russian-hacktivist-exploits