VYPR

OpenPLC_V3

by Openplcproject

CVEs (6)

  • CVE-2025-1066CriFeb 6, 2025
    risk 0.57cvss 9.8epss 0.00

    OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns.

  • CVE-2025-13970HigDec 13, 2025
    risk 0.52cvss 8.0epss 0.00

    OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized …

  • CVE-2025-46613HigApr 25, 2025
    risk 0.49cvss 7.5epss 0.00

    OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable.

  • CVE-2024-36981HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP…

  • CVE-2024-36980HigSep 18, 2024
    risk 0.49cvss 7.5epss 0.01

    An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP…

  • CVE-2025-54811HigOct 1, 2025
    risk 0.46cvss 7.1epss 0.00

    OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the…