Filtered by vendor Openplcproject
Subscriptions
Filtered by product Openplc V3
Subscriptions
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54811 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2025-10-02 | 7.1 High |
| OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server exits unexpectedly. The vulnerability allows an attacker to cause a Denial of Service (DoS) against the PLC runtime, stopping any PC started remotely without authentication. This results in the PLC process crashing and halting all automation or control logic managed by OpenPLC. | ||||
| CVE-2025-54962 | 1 Openplcproject | 2 Openplc, Openplc V3 | 2025-08-05 | 6.4 Medium |
| /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI. | ||||
| CVE-2024-37741 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2024-11-21 | 5.4 Medium |
| OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. | ||||
| CVE-2024-34026 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2024-11-21 | 9 Critical |
| A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability. | ||||
| CVE-2021-31630 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2024-11-21 | 8.8 High |
| Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. | ||||
| CVE-2018-20818 | 1 Openplcproject | 4 Openplc V2, Openplc V2 Firmware, Openplc V3 and 1 more | 2024-11-21 | N/A |
| A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact. | ||||
| CVE-2024-39589 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2024-09-26 | 7.5 High |
| Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Read_Reply` function | ||||
| CVE-2024-39590 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2024-09-26 | 7.5 High |
| Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger these vulnerabilities.This instance of the vulnerability occurs within the `Protected_Logical_Write_Reply` function | ||||
| CVE-2024-36981 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2024-09-26 | 7.5 High |
| An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the final instance of the incorrect comparison. | ||||
| CVE-2024-36980 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2024-09-26 | 7.5 High |
| An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vulnerability.This is the first instance of the incorrect comparison. | ||||
Page 1 of 1.