Lucene search
K

35 matches found

Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.14 views

PT-2025-51034

Name of the Vulnerable Software and Affected Versions OpenPLC V3 affected versions not specified Description The software is susceptible to a cross-site request forgery CSRF attack because of missing CSRF validation. An unauthenticated attacker can potentially trick a logged-in administrator into...

8CVSS6.5AI score0.00281EPSS
Exploits0References9
CISA
CISA
added 2025/12/11 12:0 p.m.9 views

CISA Releases 12 Industrial Control Systems Advisories

CISA released 12 Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-345-01 Johnson Controls iSTAR ICSA-25-345-02 Johnson Controls iSTAR Ultra ICSA-25-345-03 AzeoTech DAQFactor...

6.7AI score
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/10/08 8:19 p.m.5 views

CVE-2025-53476

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...

5.3CVSS6.7AI score0.00344EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 1:49 p.m.5 views

EUVD-2025-32856

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...

5.3CVSS6.3AI score0.00344EPSS
Exploits0References2
CVE
CVE
added 2025/10/07 1:49 p.m.16 views

CVE-2025-53476

OpenPLC_v3 is affected by CVE-2025-53476 due to a DoS in the ModbusTCP server. A crafted sequence of TCP connections can exhaust the server’s file descriptors, causing the server to be unable to process subsequent Modbus requests. TALOS details the vulnerability in OpenPLC_v3, including the waitF...

5.3CVSS6.4AI score0.00344EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/06 6:14 a.m.7 views

CVE-2025-54811

OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...

7.1CVSS7.2AI score0.00199EPSS
Exploits0References1
NVD
NVD
added 2025/10/01 10:15 p.m.15 views

CVE-2025-54811

OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...

7.1CVSS0.00199EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/01 9:22 p.m.10 views

CVE-2025-54811 OpenPLC_V3

OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...

7.1CVSS0.00199EPSS
Exploits0References2
CISA
CISA
added 2025/09/30 12:0 p.m.6 views

CISA Releases Ten Industrial Control Systems Advisories

CISA released ten Industrial Control Systems ICS advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-273-01 MegaSys Enterprises Telenium Online Web Application ICSA-25-273-02 Festo...

6.7AI score
Exploits0References10
CVE
CVE
added 2025/04/25 12:0 a.m.64 views

CVE-2025-46613

OpenPLC 3 through 64f9c11 is affected by a memory corruption vulnerability in server.cpp caused by a thread accessing the handleConnections arguments after the parent stack frame becomes unavailable, i.e., a race condition. This is documented across multiple sources (NVD/Red Hat/CIRCL/CNNVD, PT-S...

7.5CVSS7.6AI score0.00196EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/05 12:0 a.m.7 views

PT-2025-5795 · Unknown · Openplc V3

Name of the Vulnerable Software and Affected Versions: OpenPLC V3 affected versions not specified Description: The issue concerns an arbitrary file upload vulnerability. This could be exploited for malvertising or phishing campaigns. Recommendations: At the moment, there is no information about a...

9.8CVSS7.1AI score0.00439EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/09/18 12:0 a.m.6 views

PT-2024-27229 · Openplc · Openplc

Name of the Vulnerable Software and Affected Versions: OpenPLC v3 b4702061dc14d1024856f71b4543298d77007b88 Description: An out-of-bounds read issue exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality. A specially crafted network request can lead to denial of service. An attacker c...

7.5CVSS6.5AI score0.01099EPSS
Exploits1References7
CVE
CVE
added 2024/06/28 12:0 a.m.47 views

CVE-2024-37741

OpenPLC 3 through 9cd8f1b is affected by a cross-site scripting (XSS) vulnerability that can be triggered via an SVG document used as a profile picture. The issue arises from insufficient filtering/escaping of user-supplied data, enabling script execution within a victim’s browser. Affected produ...

5.4CVSS6AI score0.00334EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.6 views

PT-2024-6562 · Openplc · Openplc

Name of the Vulnerable Software and Affected Versions: OpenPLC version v3 b4702061dc14d1024856f71b4543298d77007b88 Description: A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality. This vulnerability can be exploited by sending a specially...

9.8CVSS7.8AI score0.02398EPSS
Exploits1References12
CNVD
CNVD
added 2019/04/22 12:0 a.m.2 views

OpenPLC Buffer Overflow Vulnerability

OpenPLC is an open source programmable logic controller. A buffer overflow vulnerability exists in OpenPLCv2 version and OpenPLCv3 version. The vulnerability originates when a networked system or product performs an operation on memory without properly validating data boundaries, resulting in an...

9.8CVSS7.3AI score0.01532EPSS
Exploits0References1
Rows per page
Query Builder