CISA adds known exploited vulnerability to catalog

The Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by including a newly identified Cross-Site Scripting (XSS) vulnerability affecting OpenPLC ScadaBR. This vulnerability has been observed in active exploitation contexts, posing risks to network security.

The vulnerability, designated CVE-2021-26829, affects the OpenPLC ScadaBR platform. It is an XSS weakness exploitable through the attack vectors described in the advisory. The KEV Catalog addition is based on evidence of active exploitation; the advisory notes no additional vulnerability categories or differing exploit conditions for this entry.

Exploitation of this XSS vulnerability lets an attacker run unauthorized script in the context of affected systems, which may compromise the integrity of the environment in which OpenPLC ScadaBR operates.

Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch agencies must remediate vulnerabilities listed in the KEV Catalog by the prescribed deadlines. The advisory states that remediation of the newly listed CVE-2021-26829 should follow these mandates. It includes no further information on patches or vendor fixes.

The guidance affirms that, while BOD 22-01 specifically mandates action by federal civilian entities, all organizations are encouraged to prioritize remediation of vulnerabilities cataloged by CISA to reduce their exposure to exploitation. The agency will continue to update the KEV Catalog as new vulnerabilities meeting its established criteria are identified.
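Tracking KEV deadlines in practice means matching the CVEs present in your environment against the catalog and computing how much time remains before each due date. The following is an added example, not code from CISA or the advisory: it parses a document shaped like CISA's KEV JSON feed (field names as published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json) and reports remediation status for an inventory of CVE ids. The feed content embedded here is a constructed sample; only the CVE id, vendor and product come from the advisory, and the dates, description and due date are made up for illustration. The inventory list and the CVE-1900-0001 id used for the "not in KEV" case are placeholders.

```python
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed. Field names follow the
# public feed; every value except the CVE id, vendor and product is constructed
# for this example and does not reflect the real catalog entry.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2021-26829",
            "vendorProject": "OpenPLC",
            "product": "ScadaBR",
            "vulnerabilityName": "OpenPLC ScadaBR Cross-Site Scripting Vulnerability",  # constructed
            "dateAdded": "2024-01-01",                                                  # constructed
            "shortDescription": "Constructed sample description.",
            "requiredAction": "Constructed sample required action.",
            "dueDate": "2024-01-22",                                                    # constructed
            "knownRansomwareCampaignUse": "Unknown",
        }
    ],
})


def load_kev(feed_text: str) -> dict[str, dict]:
    """Parse a KEV feed document and index its entries by CVE id."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def remediation_status(inventory_cves, kev_index: dict[str, dict], today: date) -> list[dict]:
    """For each CVE in our inventory, report whether it is in the KEV Catalog and,
    if so, how many days remain until its due date (negative means overdue)."""
    report = []
    for cve in sorted(set(inventory_cves)):
        entry = kev_index.get(cve)
        if entry is None:
            # Not cataloged: no BOD 22-01 deadline applies, but it still needs
            # normal vulnerability-management handling.
            report.append({"cveID": cve, "in_kev": False, "due_date": None,
                           "days_left": None, "overdue": False})
            continue
        due = date.fromisoformat(entry["dueDate"])
        days_left = (due - today).days
        report.append({
            "cveID": cve,
            "in_kev": True,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due_date": due,
            "days_left": days_left,
            "overdue": days_left < 0,
        })
    return report


def overdue_cves(report: list[dict]) -> list[str]:
    """Return the cataloged CVE ids whose due date has already passed."""
    return [row["cveID"] for row in report if row["overdue"]]


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_FEED)
    # Placeholder inventory: one id from the advisory, one id that is not in KEV.
    inventory = ["CVE-2021-26829", "CVE-1900-0001"]
    for row in remediation_status(inventory, kev, date(2024, 1, 10)):
        print(row)
```

To use it against the real catalog, download the feed and pass its text to `load_kev` in place of `SAMPLE_KEV_FEED`; the inventory would come from your scanner or asset database. The report deliberately keeps non-KEV CVEs in the output so they are not silently dropped from the remediation queue.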