CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-31630

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.868

EPSS Ranking 99.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

https://packetstormsecurity.com/files/162563/OpenPLC-WebServer-3-Remote-Code-Execution.html
https://www.youtube.com/watch?v=l08DHB08Gow
https://packetstormsecurity.com/files/162563/OpenPLC-WebServer-3-Remote-Code-Execution.html
https://www.youtube.com/watch?v=l08DHB08Gow

Products affected by CVE-2021-31630

Openplcproject » Openplc V3 » Version: N/A

cpe:2.3:h:openplcproject:openplc_v3:-
Openplcproject » Openplc V3 Firmware » Version: N/A

cpe:2.3:o:openplcproject:openplc_v3_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-31630

Products

Pricing

Contact Us