35 matches found
PT-2025-51034
Name of the Vulnerable Software and Affected Versions OpenPLC V3 affected versions not specified Description The software is susceptible to a cross-site request forgery CSRF attack because of missing CSRF validation. An unauthenticated attacker can potentially trick a logged-in administrator into...
CISA Releases 12 Industrial Control Systems Advisories
CISA released 12 Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-345-01 Johnson Controls iSTAR ICSA-25-345-02 Johnson Controls iSTAR Ultra ICSA-25-345-03 AzeoTech DAQFactor...
CVE-2025-53476
A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...
EUVD-2025-32856
A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...
CVE-2025-53476
OpenPLC_v3 is affected by CVE-2025-53476 due to a DoS in the ModbusTCP server. A crafted sequence of TCP connections can exhaust the server’s file descriptors, causing the server to be unable to process subsequent Modbus requests. TALOS details the vulnerability in OpenPLC_v3, including the waitF...
CVE-2025-54811
OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...
CVE-2025-54811
OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...
CVE-2025-54811 OpenPLC_V3
OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...
CISA Releases Ten Industrial Control Systems Advisories
CISA released ten Industrial Control Systems ICS advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-273-01 MegaSys Enterprises Telenium Online Web Application ICSA-25-273-02 Festo...
CVE-2025-46613
OpenPLC 3 through 64f9c11 is affected by a memory corruption vulnerability in server.cpp caused by a thread accessing the handleConnections arguments after the parent stack frame becomes unavailable, i.e., a race condition. This is documented across multiple sources (NVD/Red Hat/CIRCL/CNNVD, PT-S...
PT-2025-5795 · Unknown · Openplc V3
Name of the Vulnerable Software and Affected Versions: OpenPLC V3 affected versions not specified Description: The issue concerns an arbitrary file upload vulnerability. This could be exploited for malvertising or phishing campaigns. Recommendations: At the moment, there is no information about a...
PT-2024-27229 · Openplc · Openplc
Name of the Vulnerable Software and Affected Versions: OpenPLC v3 b4702061dc14d1024856f71b4543298d77007b88 Description: An out-of-bounds read issue exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality. A specially crafted network request can lead to denial of service. An attacker c...
CVE-2024-37741
OpenPLC 3 through 9cd8f1b is affected by a cross-site scripting (XSS) vulnerability that can be triggered via an SVG document used as a profile picture. The issue arises from insufficient filtering/escaping of user-supplied data, enabling script execution within a victim’s browser. Affected produ...
PT-2024-6562 · Openplc · Openplc
Name of the Vulnerable Software and Affected Versions: OpenPLC version v3 b4702061dc14d1024856f71b4543298d77007b88 Description: A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality. This vulnerability can be exploited by sending a specially...
OpenPLC Buffer Overflow Vulnerability
OpenPLC is an open source programmable logic controller. A buffer overflow vulnerability exists in OpenPLCv2 version and OpenPLCv3 version. The vulnerability originates when a networked system or product performs an operation on memory without properly validating data boundaries, resulting in an...