VYPR

OpenPLC Runtime

by Openplcproject

CVEs (2)

  • CVE-2025-54962MedAug 4, 2025
    risk 0.42cvss 6.4epss 0.00

    /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.

  • CVE-2021-3351Aug 2, 2021
    risk 0.00cvss epss 0.01

    OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page.