Vulnerabilities > Openplcproject

DATE CVE VULNERABILITY TITLE RISK
2024-09-18 CVE-2024-34026 Out-of-bounds Write vulnerability in Openplcproject Openplc V3 Firmware 20240404
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88.
network
low complexity
openplcproject CWE-787
critical
9.8
2024-09-18 CVE-2024-36980 Out-of-bounds Read vulnerability in Openplcproject Openplc V3 Firmware 20240404
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88.
network
low complexity
openplcproject CWE-125
7.5
2024-09-18 CVE-2024-36981 Out-of-bounds Read vulnerability in Openplcproject Openplc V3 Firmware 20240404
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88.
network
low complexity
openplcproject CWE-125
7.5
2024-09-18 CVE-2024-39589 Incorrect Type Conversion or Cast vulnerability in Openplcproject Openplc V3 Firmware 20240528
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a.
network
low complexity
openplcproject CWE-704
7.5
2024-09-18 CVE-2024-39590 Incorrect Type Conversion or Cast vulnerability in Openplcproject Openplc V3 Firmware 20240528
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a.
network
low complexity
openplcproject CWE-704
7.5
2024-06-28 CVE-2024-37741 Cross-site Scripting vulnerability in Openplcproject Openplc V3 Firmware
OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture.
network
low complexity
openplcproject CWE-79
5.4
2021-08-03 CVE-2021-31630 Code Injection vulnerability in Openplcproject Openplc V3 Firmware
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
network
low complexity
openplcproject CWE-94
critical
9.0
2021-08-02 CVE-2021-3351 Cross-site Scripting vulnerability in Openplcproject Openplc
OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page.
3.5
2021-06-11 CVE-2021-26828 Unrestricted Upload of File with Dangerous Type vulnerability in Openplcproject Scadabr
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.
network
low complexity
openplcproject CWE-434
6.5
2021-06-11 CVE-2021-26829 Cross-site Scripting vulnerability in Openplcproject Scadabr
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
3.5