Vulnerabilities > Openplcproject
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-03 | CVE-2021-31630 | Code Injection vulnerability in Openplcproject Openplc V3 Firmware Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. | 9.0 |
2021-08-02 | CVE-2021-3351 | Cross-site Scripting vulnerability in Openplcproject Openplc OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page. | 3.5 |
2021-06-11 | CVE-2021-26828 | Unrestricted Upload of File with Dangerous Type vulnerability in Openplcproject Scadabr OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | 6.5 |
2021-06-11 | CVE-2021-26829 | Cross-site Scripting vulnerability in Openplcproject Scadabr OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. | 3.5 |
2019-04-22 | CVE-2018-20818 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openplcproject Openplc V2 Firmware and Openplc V3 Firmware A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. | 7.5 |