EUVD-2026-21041

OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...

CVE-2021-31630

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application...

OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability

OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

CVE-2021-31630

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application...

Command injection

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application...

CVE-2021-31630

CVE-2021-31630 affects OpenPLC WebServer v3. It enables command injection via the Hardware Layer Code Box on the /hardware page, allowing remote code execution. Multiple connected sources (Red Hat advisory and various PoCs/exploits on GitHub) describe authenticated or near-authenticated workflows...

CVE-2021-31630

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application...

PT-2021-19453 · Unknown · Open Plc Webserver

Name of the Vulnerable Software and Affected Versions: Open PLC Webserver version 3 Description: Command Injection in Open PLC Webserver allows remote attackers to execute arbitrary code via the Hardware Layer Code Box component on the "/hardware" page of the application. Recommendations: As a...