Openplcproject
Products
3- 13 CVEs
- 3 CVEs
- 2 CVEs
Recent CVEs
16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28205 | Cri | 0.64 | 9.8 | 0.00 | Apr 9, 2026 | OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API. | ||
| CVE-2026-35063 | Hig | 0.57 | 8.8 | 0.00 | Apr 9, 2026 | OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full… | ||
| CVE-2021-47770 | Hig | 0.57 | 8.8 | 0.01 | Jan 21, 2026 | OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that… | ||
| CVE-2025-13970 | Hig | 0.52 | 8.0 | 0.00 | Dec 13, 2025 | OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized … | ||
| CVE-2026-35556 | Hig | 0.49 | 7.5 | 0.00 | Apr 9, 2026 | OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information. | ||
| CVE-2025-54962 | Med | 0.42 | 6.4 | 0.00 | Aug 4, 2025 | /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI. | ||
| CVE-2026-31156 | Med | 0.35 | 6.5 | 0.00 | May 13, 2026 | A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are… | ||
| CVE-2025-53476 | Med | 0.34 | 5.3 | 0.00 | Oct 7, 2025 | A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC _v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a… | ||
| CVE-2024-34026 | 0.01 | — | 0.02 | Sep 18, 2024 | A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of… | |||
| CVE-2024-36981 | 0.00 | — | 0.01 | Sep 18, 2024 | An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP… | |||
| CVE-2024-36980 | 0.00 | — | 0.01 | Sep 18, 2024 | An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP… | |||
| CVE-2024-39590 | 0.00 | — | 0.01 | Sep 18, 2024 | Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of… | |||
| CVE-2024-39589 | 0.00 | — | 0.01 | Sep 18, 2024 | Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of… | |||
| CVE-2024-37741 | 0.00 | — | 0.00 | Jun 28, 2024 | OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. | |||
| CVE-2021-3351 | 0.00 | — | 0.01 | Aug 2, 2021 | OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page. | |||
| CVE-2018-20818 | 0.00 | — | 0.02 | Apr 21, 2019 | A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact. |
- risk 0.64cvss 9.8epss 0.00
OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.
- risk 0.57cvss 8.8epss 0.00
OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full…
- risk 0.57cvss 8.8epss 0.01
OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that…
- risk 0.52cvss 8.0epss 0.00
OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized …
- risk 0.49cvss 7.5epss 0.00
OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.
- risk 0.42cvss 6.4epss 0.00
/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.
- risk 0.35cvss 6.5epss 0.00
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are…
- risk 0.34cvss 5.3epss 0.00
A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC _v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a…
- CVE-2024-34026Sep 18, 2024risk 0.01cvss —epss 0.02
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of…
- CVE-2024-36981Sep 18, 2024risk 0.00cvss —epss 0.01
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP…
- CVE-2024-36980Sep 18, 2024risk 0.00cvss —epss 0.01
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP…
- CVE-2024-39590Sep 18, 2024risk 0.00cvss —epss 0.01
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of…
- CVE-2024-39589Sep 18, 2024risk 0.00cvss —epss 0.01
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of…
- CVE-2024-37741Jun 28, 2024risk 0.00cvss —epss 0.00
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.
- CVE-2021-3351Aug 2, 2021risk 0.00cvss —epss 0.01
OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page.
- CVE-2018-20818Apr 21, 2019risk 0.00cvss —epss 0.02
A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact.