Vulnerabilities > Openplcproject
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-18 | CVE-2024-34026 | Out-of-bounds Write vulnerability in Openplcproject Openplc V3 Firmware 20240404 A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. | 9.8 |
| 2024-09-18 | CVE-2024-36980 | Out-of-bounds Read vulnerability in Openplcproject Openplc V3 Firmware 20240404 An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. | 7.5 |
| 2024-09-18 | CVE-2024-36981 | Out-of-bounds Read vulnerability in Openplcproject Openplc V3 Firmware 20240404 An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. | 7.5 |
| 2024-09-18 | CVE-2024-39589 | Incorrect Type Conversion or Cast vulnerability in Openplcproject Openplc V3 Firmware 20240528 Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. | 7.5 |
| 2024-09-18 | CVE-2024-39590 | Incorrect Type Conversion or Cast vulnerability in Openplcproject Openplc V3 Firmware 20240528 Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. | 7.5 |
| 2024-06-28 | CVE-2024-37741 | Cross-site Scripting vulnerability in Openplcproject Openplc V3 Firmware OpenPLC 3 through 9cd8f1b allows XSS via an SVG document as a profile picture. | 5.4 |
| 2021-08-03 | CVE-2021-31630 | Code Injection vulnerability in Openplcproject Openplc V3 Firmware Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. | 8.8 |
| 2021-08-02 | CVE-2021-3351 | Cross-site Scripting vulnerability in Openplcproject Openplc OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page. | 5.4 |
| 2021-06-11 | CVE-2021-26828 | Unrestricted Upload of File with Dangerous Type vulnerability in Openplcproject Scadabr OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | 8.8 |
| 2021-06-11 | CVE-2021-26829 | Cross-site Scripting vulnerability in Openplcproject Scadabr OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. | 5.4 |