Openplcproject

Openplc V3 Firmware

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-31156

Exploit
  • EPSS 0.41%
  • Veröffentlicht 13.05.2026 00:00:00
  • Zuletzt bearbeitet 26.05.2026 15:13:06

A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user-co...

8.8

CVE-2026-35063

  • EPSS 0.24%
  • Veröffentlicht 09.04.2026 20:16:25
  • Zuletzt bearbeitet 16.04.2026 20:49:50

OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with rol...

7.5

CVE-2026-35556

  • EPSS 0.3%
  • Veröffentlicht 09.04.2026 19:16:25
  • Zuletzt bearbeitet 16.04.2026 20:49:30

OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.

9.8

CVE-2026-28205

  • EPSS 0.45%
  • Veröffentlicht 09.04.2026 19:16:23
  • Zuletzt bearbeitet 28.04.2026 17:17:50

OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.

7.5

CVE-2024-36981

Exploit
  • EPSS 1.02%
  • Veröffentlicht 18.09.2024 15:15:15
  • Zuletzt bearbeitet 04.11.2025 17:15:53

An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a ...

7.5

CVE-2024-39589

Exploit
  • EPSS 1.02%
  • Veröffentlicht 18.09.2024 15:15:15
  • Zuletzt bearbeitet 04.11.2025 17:15:54

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attac...

7.5

CVE-2024-39590

Exploit
  • EPSS 1.02%
  • Veröffentlicht 18.09.2024 15:15:15
  • Zuletzt bearbeitet 04.11.2025 17:15:55

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attac...

9.8

CVE-2024-34026

Exploit
  • EPSS 2.4%
  • Veröffentlicht 18.09.2024 15:15:14
  • Zuletzt bearbeitet 21.11.2024 09:17:56

A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker...

7.5

CVE-2024-36980

Exploit
  • EPSS 1.1%
  • Veröffentlicht 18.09.2024 15:15:14
  • Zuletzt bearbeitet 04.11.2025 17:15:53

An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a ...

5.4

CVE-2024-37741

Exploit
  • EPSS 0.33%
  • Veröffentlicht 28.06.2024 13:15:02
  • Zuletzt bearbeitet 21.11.2024 09:24:16

OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.