Lucene search
K

209 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43116

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References3
NVD
NVD
added 4 days ago9 views

CVE-2026-14480

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...

9.9CVSS0.00616EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-14480 OpenPLC v3 External Control of File Name or Path

OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename progfile directly into the Programs.File database field and later uses this value as the destination path for an...

9.9CVSS0.00616EPSS
Exploits0References2
CVE
CVE
added 4 days ago49 views

CVE-2026-14480

CVE-2026-14480 affects OpenPLC Runtime v3. An authenticated user can write arbitrary files via the legacy web UI program-upload workflow by storing a attacker-controlled filename (prog_file) that is later used as the destination path. Python os.path.join() honors absolute paths, enabling writes a...

9.9CVSS6.2AI score0.00616EPSS
Exploits0References2
ICS
ICS
added 5 days ago5 views

OpenPLC v3

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary files to the filesystem and escalate this into arbitrary native code execution through the normal OpenPLC program compilation process, potentially resulting in code execution...

9.9CVSS6.5AI score0.00616EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56921

Name of the Vulnerable Software and Affected Versions OpenPLC Runtime version 3 Description An authenticated arbitrary file write exists in the legacy web UI program-upload workflow. The application stores an attacker-supplied filename prog file into the Programs.File database field and uses this...

9.9CVSS6.5AI score0.00616EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/05/17 12:0 a.m.29 views

One Step Further: Understanding PLC Binaries through Cross-Platform Reverse Engineering and Function-Level Semantic Analysis

As emerging attacks increasingly target Industrial Control Systems ICS, the security of Programmable Logic Controllers PLCs has become a critical concern. Binary Code Analysis BCA, which enables analysts to understand compiled programs without source code, is essential for ICS security tasks such...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.11 views

CVE-2026-31156

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

6.5CVSS5.9AI score0.00387EPSS
Exploits2References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.9 views

EUVD-2026-29960

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

5.9AI score0.00387EPSS
Exploits2References3
NVD
NVD
added 2026/05/13 4:16 p.m.10 views

CVE-2026-31156

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

6.5CVSS0.00387EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/05/13 8:34 a.m.111 views

Exploit for CVE-2026-31156

CVE-2026-31156 There is a path injection vulnerability in Open...

6AI score0.00387EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.8 views

CVE-2026-31156

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

5.9AI score0.00387EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/05/13 12:0 a.m.37 views

CVE-2026-31156

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

0.00387EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

OpenPLC 安全漏洞

OpenPLC is an open-source, programmable logic controller developed by Thiago Alves. It provides low-cost industrial solutions for automation and research purposes. OpenPLC has a security vulnerability, which stems from the binary program compiled from gluegenerator.cpp not verifying the file path...

6.5CVSS5.9AI score0.00387EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40634

Name of the Vulnerable Software and Affected Versions OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a Description A path injection issue exists in the binary program compiled from glue generator.cpp. The software fails to validate file path parameters passed via the command line, specifically...

6.8CVSS5.9AI score0.00387EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:0 a.m.8 views

CVE-2026-31156

A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

6.5CVSS5.9AI score0.00387EPSS
Exploits2References3
CVE
CVE
added 2026/05/13 12:0 a.m.18 views

CVE-2026-31156

CVE-2026-31156 describes a path-injection flaw in OpenPLC v3 arising from glue_generator.cpp not validating file path arguments passed on the command line. User-supplied paths are handed directly to file APIs (fopen/ifstream/ofstream), enabling an attacker to read arbitrary readable files. Public...

6.5CVSS5.9AI score0.00387EPSS
Exploits2References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/10 7:22 p.m.5 views

CVE-2026-35556

OpenPLCV3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information...

9.2CVSS5.8AI score0.00297EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/09 9:31 p.m.8 views

EUVD-2026-21009

OpenPLCV3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API...

9.2CVSS5.9AI score0.0045EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 8:16 p.m.7 views

CVE-2026-35063

OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...

8.8CVSS0.0024EPSS
Exploits0References1
Rows per page
Query Builder