VYPR
Vendor: Thiagoralves

Products: 2
CVEs: 13
Across products: 13
Status: Private

Recent CVEs (13)

  • CVE-2021-47770 High Jan 21, 2026
    risk 0.57 cvss 8.8 epss 0.01

    OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that…

  • CVE-2025-1066 Critical Feb 6, 2025
    risk 0.57 cvss 9.8 epss 0.00

    OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns.

  • CVE-2025-13970 High Dec 13, 2025
    risk 0.52 cvss 8.0 epss 0.00

    OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized …

  • CVE-2025-46613 High Apr 25, 2025
    risk 0.49 cvss 7.5 epss 0.00

    OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable.

  • CVE-2025-34226 High Oct 3, 2025
    risk 0.46cvss epss 0.01

    OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epoch_time field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime…

  • CVE-2025-54811 High Oct 1, 2025
    risk 0.46 cvss 7.1 epss 0.00

    OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the…

  • CVE-2025-54962 Medium Aug 4, 2025
    risk 0.42 cvss 6.4 epss 0.00

    /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI.

  • CVE-2025-53476 Medium Oct 7, 2025
    risk 0.34 cvss 5.3 epss 0.00

    A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC_v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a…

  • CVE-2024-36981 Sep 18, 2024
    risk 0.00cvss epss 0.01

    An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP…

  • CVE-2024-36980 Sep 18, 2024
    risk 0.00cvss epss 0.01

    An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP…

  • CVE-2024-39590 Sep 18, 2024
    risk 0.00cvss epss 0.01

    Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of…

  • CVE-2024-39589 Sep 18, 2024
    risk 0.00cvss epss 0.01

    Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of…

  • CVE-2018-20818 Apr 21, 2019
    risk 0.00cvss epss 0.02

    A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact.