OpenPLC 3 - Remote Code Execution

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network connection to a specified IP and port, enabling remote command execution.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

对生成代码的控制不恰当(代码注入)

OpenPLC 代码注入漏洞

OpenPLC是Thiago Alves个人开发者的一种开源的可编程逻辑控制器。可为自动化和研究提供低成本的工业解决方案。 OpenPLC v3版本存在代码注入漏洞，该漏洞源于通过硬件配置接口存在经过身份验证的远程代码执行，可能导致执行恶意代码。

N/A

N/A