1. EXECUTIVE SUMMARY
- CVSS v4 6.1
- ATTENTION: Low attack complexity
- Vendor: OpenPLC_V3
- Equipment: OpenPLC_V3
- Vulnerability: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of OpenPLC_V3 are affected:
- OpenPLC_V3: Versions prior to pull request #292
3.2 VULNERABILITY OVERVIEW
3.2.1 RELIANCE ON UNDEFINED, UNSPECIFIED, OR IMPLEMENTATION-DEFINED BEHAVIOR CWE-758
OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server exits unexpectedly. The vulnerability allows an attacker to cause a Denial of Service (DoS) against the PLC runtime, stopping any PC started remotely without authentication. This results in the PLC process crashing and halting all automation or control logic managed by OpenPLC.
CVE-2025-54811 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2025-54811. A base score of 6.1 has been calculated; the CVSS vector string is (This article has been indexed from All CISA Advisories