Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenPLC 3 - Remote Code Execution
Vulnerability Description
OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network connection to a specified IP and port, enabling remote command execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
OpenPLC 代码注入漏洞
Vulnerability Description
OpenPLC是Thiago Alves个人开发者的一种开源的可编程逻辑控制器。可为自动化和研究提供低成本的工业解决方案。 OpenPLC v3版本存在代码注入漏洞,该漏洞源于通过硬件配置接口存在经过身份验证的远程代码执行,可能导致执行恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A