All news with #openplc tag

Wed, October 15, 2025

OpenPLC and Planet WGR-500: Multiple Vulnerabilities

⚠️ Cisco Talos disclosed vulnerabilities affecting OpenPLC and the Planet WGR-500 industrial router, including a ModbusTCP denial-of-service and multiple critical flaws in HTTP-handling functions. The OpenPLC issue (TALOS-2025-2223 / CVE-2025-53476) can be triggered by a crafted series of TCP connections to exhaust the ModbusTCP server. Planet WGR-500 vulnerabilities (TALOS-2025-2226–2229 / CVE-2025-54399–54406, CVE-2025-48826) include stack-based buffer overflows, format string, and OS command injection flaws that may lead to memory corruption or arbitrary command execution.

Tue, September 30, 2025

OpenPLC_V3 Denial-of-Service Vulnerability (CVE-2025-54811)

⚠️ CISA published an advisory for OpenPLC_V3 describing a denial-of-service vulnerability (CVE-2025-54811) caused by a missing return in the enipThread function that can trigger an illegal instruction and crash the PLC runtime. The flaw affects versions prior to pull request #292 and can stop PLCs under certain conditions. A patch is available in PR #292; administrators should update and isolate affected devices.
