Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Openplc V3 Firmware Security Vulnerabilities

cve
cve

CVE-2018-20818

A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact.

9.8CVSS

10AI Score

0.003EPSS

2019-04-22 11:29 AM
32
cve
cve

CVE-2021-31630

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.

8.8CVSS

9.1AI Score

0.006EPSS

2021-08-03 03:15 PM
57
2
cve
cve

CVE-2024-34026

A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can send a series of EtherNet/IP requests to tri...

9CVSS

8.3AI Score

0.001EPSS

2024-09-18 03:15 PM
10
cve
cve

CVE-2024-36980

An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vu...

7.5CVSS

6.9AI Score

0.0005EPSS

2024-09-18 03:15 PM
10
cve
cve

CVE-2024-36981

An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to trigger this vu...

7.5CVSS

6.9AI Score

0.0005EPSS

2024-09-18 03:15 PM
10
cve
cve

CVE-2024-37741

OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.

5.4CVSS

6AI Score

0.001EPSS

2024-06-28 01:15 PM
24
cve
cve

CVE-2024-39589

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to ...

7.5CVSS

7.1AI Score

0.0005EPSS

2024-09-18 03:15 PM
10
cve
cve

CVE-2024-39590

Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can send a series of EtherNet/IP requests to ...

7.5CVSS

7AI Score

0.0005EPSS

2024-09-18 03:15 PM
11