CVE-2026-8603

Published May 19, 2026

Last updated 23 days ago

CVSS high 8.7
Scada
ICS
OT

Overview

Description
In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system.
Source
ics-cert@hq.dhs.gov
NVD status
Analyzed
Products
scadabr

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

ics-cert@hq.dhs.gov
CWE-78

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. CVE-2024-10085
  2. Android Framework Integer Overflow VulnerabilityCVE-2025-48595
  3. A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access.CVE-2026-9039
  4. Nx Console Embedded Malicious Code VulnerabilityCVE-2026-48027
  5. Microsoft Defender Link Following VulnerabilityCVE-2026-41091

References

Sources include official advisories and independent security research.