
203 matches found

Cvelist
added 2025/10/03 3:36 p.m. · 10 views

CVE-2025-34226 OpenPLC Runtime v3 Persistent DoS

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epochtime field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate...

7.1 CVSS · 0.00618 EPSS
Exploits 0 · References 4
CVE
added 2025/10/03 3:36 p.m. · 15 views

CVE-2025-34226

OpenPLC Runtime v3 is affected by an input validation flaw in the /upload-program-action endpoint: the epoch_time parameter submitted during program uploads is not validated, allowing corruption of the programs database. After a malformed upload, the runtime can operate, but on restart the databa...

7.1 CVSS · 6.5 AI score · 0.00618 EPSS
Exploits 0 · References 4
Vulnrichment
added 2025/10/03 3:36 p.m. · 4 views

CVE-2025-34226 OpenPLC Runtime v3 Persistent DoS

OpenPLC Runtime v3 contains an input validation flaw in the /upload-program-action endpoint: the epochtime field supplied during program uploads is not validated and can be crafted to induce corruption of the programs database. After a successful malformed upload the runtime continues to operate...

7.1 CVSS · 6.5 AI score · 0.00618 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/10/03 12:00 a.m. · 6 views

PT-2025-40533

Name of the Vulnerable Software and Affected Versions: OpenPLC Runtime version 3 Description: The software contains an input validation flaw in the /upload-program-action API endpoint. The epoch time parameter, when submitting program uploads, is not validated, potentially leading to corruption of...

7.1 CVSS · 6.7 AI score · 0.00618 EPSS
Exploits 0 · References 6
CNNVD
added 2025/10/03 12:00 a.m. · 5 views

OpenPLC Runtime version 3 Security Vulnerability

OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. A security vulnerability exists in OpenPLC Runtime version 3 that stems from insufficient input validation of the epochtime field, which could lead to program database corruption, resulting in a...

7.1 CVSS · 6.5 AI score · 0.00618 EPSS
Exploits 0 · References 5
NVD
added 2025/10/01 10:15 p.m. · 12 views

CVE-2025-54811

OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...

7.1 CVSS · 0.00199 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/10/01 9:22 p.m. · 3 views

CVE-2025-54811 OpenPLC_V3

OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...

7.1 CVSS · 6.8 AI score · 0.00199 EPSS
Exploits 0 · References 2
Cvelist
added 2025/10/01 9:22 p.m. · 7 views

CVE-2025-54811 OpenPLC_V3

OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...

7.1 CVSS · 0.00199 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/10/01 12:00 a.m. · 6 views

PT-2025-40294

Name of the Vulnerable Software and Affected Versions: OpenPLC V3, affected versions not specified Description: A flaw exists in the enipThread function of OpenPLC V3 due to a missing return value. This can cause a crash when the server loop completes, resulting in an illegal ud2 instruction. An...

7.1 CVSS · 6.3 AI score · 0.00199 EPSS
Exploits 0 · References 7
CNNVD
added 2025/10/01 12:00 a.m. · 5 views

OpenPLC Security Vulnerability

OpenPLC is an open source programmable logic controller from the individual developer Thiago Alves. It can provide low-cost industrial solutions for automation and research. A security vulnerability exists in OpenPLC that stems from a missing return value in the enipThread function, which could...

7.1 CVSS · 6.4 AI score · 0.00199 EPSS
Exploits 0 · References 2
CISA
added 2025/09/30 12:00 p.m. · 4 views

CISA Releases Ten Industrial Control Systems Advisories

CISA released ten Industrial Control Systems (ICS) advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-273-01 MegaSys Enterprises Telenium Online Web Application; ICSA-25-273-02 Festo...

6.7 AI score
Exploits 0 · References 10
ICS
added 2025/09/30 6:00 a.m. · 7 views

OpenPLC_V3

RISK EVALUATION: Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

7.1 CVSS · 7.3 AI score · 0.00199 EPSS
Exploits 0 · References 11
RedhatCVE
added 2025/08/06 12:14 a.m. · 8 views

CVE-2025-54962

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files such as .html or .svg, and these are then publicly accessible under the /static URI...

6.4 CVSS · 6.5 AI score · 0.00224 EPSS
Exploits 1 · References 1
NVD
added 2025/08/04 2:15 a.m. · 6 views

CVE-2025-54962

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files such as .html or .svg, and these are then publicly accessible under the /static URI...

6.4 CVSS · 0.00224 EPSS
Exploits 1 · References 2
Vulnrichment
added 2025/08/04 12:00 a.m. · 5 views

CVE-2025-54962

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files such as .html or .svg, and these are then publicly accessible under the /static URI...

6.4 CVSS · 6.5 AI score · 0.00224 EPSS
Exploits 1 · References 2
CVE
added 2025/08/04 12:00 a.m. · 21 views

CVE-2025-54962

OpenPLC Runtime CVE-2025-54962 affects OpenPLC Runtime versions 3 through 9cd8f1b. The webserver’s /edit-user endpoint allows authenticated users to upload arbitrary files (e.g., .html, .svg); these uploads are stored under /static and become publicly accessible. The root cause is improper valida...

6.4 CVSS · 6.5 AI score · 0.00224 EPSS
Exploits 1 · References 2
Positive Technologies
added 2025/08/04 12:00 a.m. · 7 views

PT-2025-31796 · Unknown · Openplc Runtime

Name of the Vulnerable Software and Affected Versions: OpenPLC Runtime versions 3 through 9cd8f1b Description: An authenticated user can upload arbitrary files, such as .html or .svg, through the /edit-user endpoint in the webserver. These uploaded files are then publicly accessible under the...

6.4 CVSS · 6.6 AI score · 0.00224 EPSS
Exploits 1 · References 7
Cvelist
added 2025/08/04 12:00 a.m. · 11 views

CVE-2025-54962

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files such as .html or .svg, and these are then publicly accessible under the /static URI...

6.4 CVSS · 0.00224 EPSS
Exploits 1 · References 2
CNNVD
added 2025/08/04 12:00 a.m. · 3 views

OpenPLC Runtime version 3 Code Issue Vulnerability

OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. A code issue vulnerability exists in OpenPLC Runtime version 3 that originates from allowing an authenticated user to upload arbitrary files and access them publicly...

6.4 CVSS · 6.8 AI score · 0.00224 EPSS
Exploits 1 · References 3
GithubExploit
added 2025/07/29 4:16 p.m. · 125 views

Exploit for CVE-2025-54962

🔥 CVE-2025-54962 — Insecure File Upload in OpenPLC Runtime Web...

6.4 CVSS · 6.3 AI score · 0.00224 EPSS
Exploits 1