208 matches found
OpenPLC Runtime version 3 代码问题漏洞
OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. A code issue vulnerability exists in OpenPLC Runtime version 3 that originates from allowing an authenticated user to upload arbitrary files and access them publicly...
CVE-2025-54962
/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files such as .html or .svg, and these are then publicly accessible under the /static URI...
PT-2025-31796 · Unknown · Openplc Runtime
Name of the Vulnerable Software and Affected Versions: OpenPLC Runtime versions 3 through 9cd8f1b Description: An authenticated user can upload arbitrary files, such as .html or .svg, through the /edit-user endpoint in the webserver. These uploaded files are then publicly accessible under the...
CVE-2025-54962
OpenPLC Runtime CVE-2025-54962 affects OpenPLC Runtime versions 3 through 9cd8f1b. The webserver’s /edit-user endpoint allows authenticated users to upload arbitrary files (e.g., .html, .svg); these uploads are stored under /static and become publicly accessible. The root cause is improper valida...
Exploit for CVE-2025-54962
🔥 CVE-2025-54962 — Insecure File Upload in OpenPLC Runtime Web...
CVE-2024-37741
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture...
CVE-2021-3351
OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page...
CVE-2021-26828
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...
CVE-2021-26829
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via systemsettings.shtm...
CVE-2018-20818
A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLCv2 and OpenPLCv3 versions. It occurs in the modbus.cpp mapUnusedIO function, which can cause a runtime crash of the PLC or possibly have unspecified other impact...
CVE-2025-46613
OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable...
CVE-2025-46613
OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable...
OpenPLC 竞争条件问题漏洞
OpenPLC is an open source programmable logic controller from the individual developer Thiago Alves. It can provide low-cost industrial solutions for automation and research. A security vulnerability exists in OpenPLC versions 3 through 64f9c11, which stems from a memory corruption in server.cpp...
CVE-2025-46613
OpenPLC 3 through 64f9c11 is affected by a memory corruption vulnerability in server.cpp caused by a thread accessing the handleConnections arguments after the parent stack frame becomes unavailable, i.e., a race condition. This is documented across multiple sources (NVD/Red Hat/CIRCL/CNNVD, PT-S...
CVE-2025-46613
OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable...
PT-2025-17884 · Openplc · Openplc
Name of the Vulnerable Software and Affected Versions: OpenPLC versions 3 through 64f9c11 Description: The issue is related to a memory corruption problem in the server.cpp component of OpenPLC. This occurs because a thread may access handleConnections arguments after the parent stack frame becom...
CVE-2025-1066
OpenPLCV3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns...
CVE-2025-1066
OpenPLCV3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns...
OpenPLC 安全漏洞
OpenPLC is an open source programmable logic controller from the individual developer Thiago Alves. It can provide low-cost industrial solutions for automation and research. A security vulnerability exists in OpenPLC version 3, which stems from the inclusion of an arbitrary file upload...
CVE-2025-1066 CVE-2025-1066
OpenPLCV3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns...