203 matches found
CVE-2025-34226 OpenPLC Runtime v3 Persistent DoS
OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epochtime field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate...
CVE-2025-34226
OpenPLC Runtime v3 is affected by an input validation flaw in the /upload-program-action endpoint: the epoch_time parameter submitted during program uploads is not validated, allowing corruption of the programs database. After a malformed upload, the runtime can operate, but on restart the databa...
PT-2025-40533
Name of the Vulnerable Software and Affected Versions: OpenPLC Runtime version 3. Description: The software contains an input validation flaw in the /upload-program-action API endpoint. The epoch time parameter, when submitting program uploads, is not validated, potentially leading to corruption of...
OpenPLC Runtime version 3 security vulnerability
OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. A security vulnerability exists in OpenPLC Runtime version 3, which stems from insufficient input validation of the epochtime field, which could lead to program database corruption, resulting in a...
CVE-2025-54811
OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...
CVE-2025-54811 OpenPLC_V3
OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...
PT-2025-40294
Name of the Vulnerable Software and Affected Versions: OpenPLC V3 (affected versions not specified). Description: A flaw exists in the enipThread function of OpenPLC V3 due to a missing return value. This can cause a crash when the server loop completes, resulting in an illegal ud2 instruction. An...
OpenPLC security vulnerability
OpenPLC is an open source programmable logic controller from the individual developer Thiago Alves. It can provide low-cost industrial solutions for automation and research. A security vulnerability exists in OpenPLC that stems from a missing return value in the enipThread function, which could...
CISA Releases Ten Industrial Control Systems Advisories
CISA released ten Industrial Control Systems (ICS) advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-273-01 MegaSys Enterprises Telenium Online Web Application; ICSA-25-273-02 Festo...
OpenPLC_V3
RISK EVALUATION: Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
CVE-2025-54962
/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files such as .html or .svg, and these are then publicly accessible under the /static URI...
CVE-2025-54962
OpenPLC Runtime CVE-2025-54962 affects OpenPLC Runtime versions 3 through 9cd8f1b. The webserver’s /edit-user endpoint allows authenticated users to upload arbitrary files (e.g., .html, .svg); these uploads are stored under /static and become publicly accessible. The root cause is improper valida...
PT-2025-31796 · Unknown · Openplc Runtime
Name of the Vulnerable Software and Affected Versions: OpenPLC Runtime versions 3 through 9cd8f1b Description: An authenticated user can upload arbitrary files, such as .html or .svg, through the /edit-user endpoint in the webserver. These uploaded files are then publicly accessible under the...
OpenPLC Runtime version 3 code issue vulnerability
OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. A code issue vulnerability exists in OpenPLC Runtime version 3 that originates from allowing an authenticated user to upload arbitrary files and access them publicly...
Exploit for CVE-2025-54962
🔥 CVE-2025-54962 — Insecure File Upload in OpenPLC Runtime Web...