Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Authorization in OpenPLC_V3
Vulnerability Description
OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
OpenPLC Runtime version 3 安全漏洞
Vulnerability Description
OpenPLC Runtime version 3是Thiago Alves个人开发者的一个可编程逻辑控制器。 OpenPLC Runtime version 3 存在安全漏洞,该漏洞源于REST API端点仅检查JWT存在但未验证调用者角色,可能导致经过身份验证的用户删除其他用户或创建具有管理员权限的新账户。
CVSS Information
N/A
Vulnerability Type
N/A