Vulnerabilities, Patches, and Regulations for 9/23-9/27

Author: Mari Cherry Published on: October 17, 2024

Cisco Talos reported critical and high-severity vulnerabilities in OpenPLC that could lead to denial-of-service (DoS) conditions and remote code execution.

Cisco Talos, Cisco’s threat intelligence unit, disclosed details of five newly patched vulnerabilities affecting OpenPLC, an open-source programmable logic controller (PLC) designed to provide a low-cost solution for industrial automation.

OpenPLC is widely used to automate machines and processes across industries such as manufacturing, energy, and utilities.

These vulnerabilities can be exploited to trigger denial-of-service conditions or to execute code remotely on affected systems.

The most severe issue is a stack-based buffer overflow vulnerability tracked as CVE-2024-34026, with a CVSS score of 9.0.

The vulnerability resides in the OpenPLC Runtime EtherNet/IP parser functionality in OpenPLC version v3b4702061dc14d1024856f71b4543298d77007b88.
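The pattern behind a stack-based buffer overflow in a protocol parser is a length field taken from the packet and used to drive a copy into a fixed-size stack buffer. The C below is an added illustration, not OpenPLC's code and not the specific defect Talos reported: it uses a hypothetical two-byte length-prefixed frame (the `MSG_*` samples are constructed) and places the unchecked copy beside a hardened parser that rejects a declared length larger than the destination or larger than the bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format for this illustration (not the real EtherNet/IP
 * encoding): a 2-byte little-endian length field, then that many payload bytes. */
#define HDR_LEN     2
#define PAYLOAD_MAX 64

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Vulnerable pattern: the attacker-controlled length drives memcpy into a
 * fixed-size stack buffer with no bounds check. Shown for contrast only;
 * calling it on a frame that declares more than PAYLOAD_MAX bytes overflows
 * the stack (and also over-reads msg). */
static size_t parse_unchecked(const uint8_t *msg, size_t msg_len)
{
    uint8_t payload[PAYLOAD_MAX];
    if (msg_len < HDR_LEN)
        return 0;
    size_t declared = msg[0] | ((size_t)msg[1] << 8);
    memcpy(payload, msg + HDR_LEN, declared);   /* no check against PAYLOAD_MAX */
    return declared;
}

/* Hardened form: the declared length is validated against both the
 * destination capacity and the number of bytes actually present. */
static int parse_checked(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (msg_len < HDR_LEN)
        return PARSE_TRUNCATED;                 /* header itself is incomplete */
    size_t declared = msg[0] | ((size_t)msg[1] << 8);
    if (declared > out_cap)
        return PARSE_TOO_LONG;                  /* would overflow the destination */
    if (declared > msg_len - HDR_LEN)
        return PARSE_TRUNCATED;                 /* would read past the received data */
    memcpy(out, msg + HDR_LEN, declared);
    *out_len = declared;
    return PARSE_OK;
}

/* Constructed sample frames. */
static const uint8_t MSG_GOOD[]      = { 0x04, 0x00, 'A', 'B', 'C', 'D' }; /* claims 4, carries 4 */
static const uint8_t MSG_OVERSIZED[] = { 0xFF, 0xFF, 'A', 'B' };           /* claims 65535 bytes */
static const uint8_t MSG_SHORT[]     = { 0x08, 0x00, 'A', 'B' };           /* claims 8, carries 2 */

/* Runs the hardened parser into a local buffer and returns its status. */
static int check_message(const uint8_t *msg, size_t msg_len)
{
    uint8_t buf[PAYLOAD_MAX];
    size_t n = 0;
    return parse_checked(msg, msg_len, buf, sizeof buf, &n);
}

int main(void)
{
    printf("good:      %d\n", check_message(MSG_GOOD, sizeof MSG_GOOD));
    printf("oversized: %d\n", check_message(MSG_OVERSIZED, sizeof MSG_OVERSIZED));
    printf("short:     %d\n", check_message(MSG_SHORT, sizeof MSG_SHORT));
    /* The unchecked parser is exercised only on the well-formed frame. */
    printf("unchecked: %zu\n", parse_unchecked(MSG_GOOD, sizeof MSG_GOOD));
    return 0;
}
```

The two checks in `parse_checked` address different failure modes: the capacity check is what prevents the stack overflow, while the received-length check prevents an over-read that would leak adjacent memory into the output. Both are needed, and neither can be derived from the other.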