Lucene search
K

208 matches found

CNNVD
CNNVD
added 2025/08/04 12:0 a.m.3 views

OpenPLC Runtime version 3 代码问题漏洞

OpenPLC Runtime version 3 is a programmable logic controller by the individual developer Thiago Alves. A code issue vulnerability exists in OpenPLC Runtime version 3 that originates from allowing an authenticated user to upload arbitrary files and access them publicly...

6.4CVSS6.8AI score0.00233EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/04 12:0 a.m.5 views

CVE-2025-54962

/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files such as .html or .svg, and these are then publicly accessible under the /static URI...

6.4CVSS6.5AI score0.00233EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/04 12:0 a.m.7 views

PT-2025-31796 · Unknown · Openplc Runtime

Name of the Vulnerable Software and Affected Versions: OpenPLC Runtime versions 3 through 9cd8f1b Description: An authenticated user can upload arbitrary files, such as .html or .svg, through the /edit-user endpoint in the webserver. These uploaded files are then publicly accessible under the...

6.4CVSS6.6AI score0.00233EPSS
Exploits1References7
CVE
CVE
added 2025/08/04 12:0 a.m.23 views

CVE-2025-54962

OpenPLC Runtime CVE-2025-54962 affects OpenPLC Runtime versions 3 through 9cd8f1b. The webserver’s /edit-user endpoint allows authenticated users to upload arbitrary files (e.g., .html, .svg); these uploads are stored under /static and become publicly accessible. The root cause is improper valida...

6.4CVSS6.5AI score0.00233EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2025/07/29 4:16 p.m.127 views

Exploit for CVE-2025-54962

🔥 CVE-2025-54962 — Insecure File Upload in OpenPLC Runtime Web...

6.4CVSS6.3AI score0.00233EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 9:29 a.m.11 views

CVE-2024-37741

OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture...

5.4CVSS5.9AI score0.00334EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:48 p.m.8 views

CVE-2021-3351

OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page...

5.4CVSS5.7AI score0.0052EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:28 p.m.8 views

CVE-2021-26828

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...

8.8CVSS7.3AI score0.39096EPSS
Exploits8References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:28 p.m.4 views

CVE-2021-26829

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via systemsettings.shtm...

5.4CVSS5.7AI score0.4805EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:59 a.m.7 views

CVE-2018-20818

A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLCv2 and OpenPLCv3 versions. It occurs in the modbus.cpp mapUnusedIO function, which can cause a runtime crash of the PLC or possibly have unspecified other impact...

9.8CVSS8.1AI score0.01532EPSS
Exploits0References1
NVD
NVD
added 2025/04/25 6:15 a.m.17 views

CVE-2025-46613

OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable...

7.5CVSS0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/25 12:0 a.m.11 views

CVE-2025-46613

OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable...

7.5CVSS7.2AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/25 12:0 a.m.4 views

OpenPLC 竞争条件问题漏洞

OpenPLC is an open source programmable logic controller from the individual developer Thiago Alves. It can provide low-cost industrial solutions for automation and research. A security vulnerability exists in OpenPLC versions 3 through 64f9c11, which stems from a memory corruption in server.cpp...

7.5CVSS6.8AI score0.00196EPSS
Exploits0References2
CVE
CVE
added 2025/04/25 12:0 a.m.64 views

CVE-2025-46613

OpenPLC 3 through 64f9c11 is affected by a memory corruption vulnerability in server.cpp caused by a thread accessing the handleConnections arguments after the parent stack frame becomes unavailable, i.e., a race condition. This is documented across multiple sources (NVD/Red Hat/CIRCL/CNNVD, PT-S...

7.5CVSS7.6AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/25 12:0 a.m.16 views

CVE-2025-46613

OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable...

7.5CVSS0.00196EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/25 12:0 a.m.7 views

PT-2025-17884 · Openplc · Openplc

Name of the Vulnerable Software and Affected Versions: OpenPLC versions 3 through 64f9c11 Description: The issue is related to a memory corruption problem in the server.cpp component of OpenPLC. This occurs because a thread may access handleConnections arguments after the parent stack frame becom...

7.5CVSS6.5AI score0.00196EPSS
Exploits0References9
OSV
OSV
added 2025/02/06 12:15 a.m.6 views

CVE-2025-1066

OpenPLCV3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns...

9.8CVSS7.1AI score0.00439EPSS
Exploits0References2
NVD
NVD
added 2025/02/06 12:15 a.m.8 views

CVE-2025-1066

OpenPLCV3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns...

9.8CVSS0.00439EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.6 views

OpenPLC 安全漏洞

OpenPLC is an open source programmable logic controller from the individual developer Thiago Alves. It can provide low-cost industrial solutions for automation and research. A security vulnerability exists in OpenPLC version 3, which stems from the inclusion of an arbitrary file upload...

9.8CVSS6.9AI score0.00439EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/05 11:39 p.m.24 views

CVE-2025-1066 CVE-2025-1066

OpenPLCV3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns...

0.00439EPSS
Exploits0References2
Rows per page
Query Builder