203 matches found

RedhatCVE
added 2025/12/14 12:57 a.m., 6 views

CVE-2025-13970

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

CVSS 8, AI score 7, EPSS 0.00277
Exploits 0, References 1
EUVD
added 2025/12/13 3:30 a.m., 4 views

EUVD-2025-203181

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

CVSS 8, AI score 6.4, EPSS 0.00277
Exploits 0, References 4
NVD
added 2025/12/13 1:15 a.m., 8 views

CVE-2025-13970

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

CVSS 8, EPSS 0.00277
Exploits 0, References 3
Vulnrichment
added 2025/12/13 12:3 a.m., 3 views

CVE-2025-13970 OpenPLC_V3 Cross-Site Request Forgery

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

CVSS 8, AI score 6.5, EPSS 0.00277
Exploits 0, References 3
CVE
added 2025/12/13 12:3 a.m., 8 views

CVE-2025-13970

OpenPLC_V3 (CVE-2025-13970) is reported across multiple sources to be vulnerable to a cross-site request forgery (CSRF) due to missing CSRF validation. The vulnerability allows an unauthenticated attacker to lure a logged-in administrator into visiting a malicious link, potentially enabling unaut...

CVSS 8, AI score 6.5, EPSS 0.00277
Exploits 0, References 3
Positive Technologies
added 2025/12/13 12:0 a.m., 7 views

PT-2025-51034

Name of the Vulnerable Software and Affected Versions: OpenPLC V3 (affected versions not specified). Description: The software is susceptible to a cross-site request forgery (CSRF) attack because of missing CSRF validation. An unauthenticated attacker can potentially trick a logged-in administrator into...

CVSS 8, AI score 6.5, EPSS 0.00277
Exploits 0, References 9
CNNVD
added 2025/12/13 12:0 a.m., 3 views

OpenPLC Runtime version 3 Cross-Site Request Forgery Vulnerability

OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. OpenPLC Runtime version 3 suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF authentication, which could lead to a cross-site request forgery attack...

CVSS 8, AI score 6.5, EPSS 0.00277
Exploits 0, References 4
CISA
added 2025/12/11 12:0 p.m., 8 views

CISA Releases 12 Industrial Control Systems Advisories

CISA released 12 Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-345-01 Johnson Controls iSTAR; ICSA-25-345-02 Johnson Controls iSTAR Ultra; ICSA-25-345-03 AzeoTech DAQFactor...

AI score 6.7
Exploits 0, References 12
CISA
added 2025/12/03 12:0 p.m., 10 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-26828: OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability. This type of vulnerability is a frequent attack vector fo...

CVSS 8.8, AI score 8.9, EPSS 0.39096
In wild, Exploits 8, References 6
The Hacker News
added 2025/11/30 9:23 a.m., 6 views

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation. The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site...

CVSS 8.8, AI score 7.8, EPSS 0.4805
Exploits 9
CISA
added 2025/11/28 12:0 p.m., 7 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-26829: OpenPLC ScadaBR Cross-site Scripting Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors an...

CVSS 5.4, AI score 6.6, EPSS 0.4805
In wild, Exploits 1, References 6
CISA KEV Catalog
added 2025/11/28 12:0 a.m., 6 views

OpenPLC ScadaBR Cross-site Scripting Vulnerability

OpenPLC ScadaBR contains a cross-site scripting vulnerability via systemsettings.shtm...

CVSS 5.4, AI score 6.3, EPSS 0.4805
In wild, Exploits 1
Talos Blog
added 2025/10/15 5:39 p.m., 6 views

Open PLC and Planet vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed one vulnerability in the OpenPLC logic controller and four vulnerabilities in the Planet WGR-500 router. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from...

CVSS 8.8, AI score 8.2, EPSS 0.04385
Exploits 7
VulnCheck KEV
added 2025/10/09 12:0 a.m., 3 views

VulnCheck KEV: CVE-2021-26828

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

CVSS 8.8, AI score 6, EPSS 0.39096
In wild, Exploits 8, References 6
VulnCheck KEV
added 2025/10/09 12:0 a.m., 3 views

VulnCheck KEV: CVE-2021-26829

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via systemsettings.shtm...

CVSS 5.4, AI score 5.8, EPSS 0.4805
In wild, Exploits 1, References 7
RedhatCVE
added 2025/10/08 8:19 p.m., 5 views

CVE-2025-53476

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...

CVSS 5.3, AI score 6.7, EPSS 0.00336
Exploits 0, References 1
RedhatCVE
added 2025/10/07 11:13 p.m., 7 views

CVE-2025-34226

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epochtime field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate...

CVSS 7.1, AI score 6.9, EPSS 0.00618
Exploits 0, References 1
NVD
added 2025/10/07 2:15 p.m., 3 views

CVE-2025-53476

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...

CVSS 5.3, EPSS 0.00336
Exploits 0, References 2
Vulnrichment
added 2025/10/07 1:49 p.m., 3 views

CVE-2025-53476

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...

CVSS 5.3, AI score 6.4, EPSS 0.00336
Exploits 0, References 1
Cvelist
added 2025/10/07 1:49 p.m., 9 views

CVE-2025-53476

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...

CVSS 5.3, EPSS 0.00336
Exploits 0, References 1