CVE-2025-70973

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

09/03/2026

Last modified:

09/03/2026

Description

ScadaBR 1.12.4 is vulnerable to Session Fixation. The application assigns a JSESSIONID session cookie to unauthenticated users and does not regenerate the session identifier after successful authentication. As a result, a session created prior to login becomes authenticated once the victim logs in, allowing an attacker who knows the session ID to hijack an authenticated session.

Impact

References to Advisories, Solutions, and Tools

https://github.com/chiranjib2001/ScadaBR/blob/main/README.md