Openplcproject >> Openplc V3 Security Vulnerabilities
A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to the underlying file operation functions (fopen/ifstream/ofstream) for file reading and writing. An attacker can exploit this vulnerability by constructing a malicious path to read arbitrary readable files.
CVSS Score: 6.5; EPSS Score: 0.0; Published: 2026-05-13
OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID, or can create new accounts with role=admin, escalating to full administrator access.
CVSS Score: 8.7; EPSS Score: 0.0; Published: 2026-04-09
OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.
CVSS Score: 9.2; EPSS Score: 0.0; Published: 2026-04-09
OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API.
CVSS Score: 9.2; EPSS Score: 0.001; Published: 2026-04-09
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.
CVSS Score: 5.4; EPSS Score: 0.004; Published: 2024-06-28
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
CVSS Score: 8.8; EPSS Score: 0.859; Published: 2021-08-03
A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2019-04-22

