Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC


Cisco's Talos threat intelligence unit has disclosed several vulnerabilities in OpenPLC, an open-source programmable logic controller (PLC) used for industrial automation and research. These include one critical flaw (CVE-2024-34026), which allows remote code execution via crafted EtherNet/IP requests. Additionally, four high-severity vulnerabilities (CVE-2024-36980, CVE-2024-36981, CVE-2024-39589, CVE-2024-39590) can cause denial-of-service (DoS) conditions, potentially disrupting industrial control systems (ICS). The vulnerabilities were patched on September 17, and users are urged to update OpenPLC or apply the source code fixes provided by Talos.

Read More


thumb-image

Solutions