Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead
to DoS condition and remote code execution.
Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in
OpenPLC, an open-source programmable logic controller designed to offer a low-cost solution
for industrial automation. It is widely used for automating machines and processes in industries
like manufacturing, energy, and utilities. These vulnerabilities can be exploited to trigger a
denial-of-service (DoS) condition or execute remote code.
The most severe issue is a stack-based buffer overflow vulnerability, tracked as CVE-2024-
34026 (CVSS score 9.0), that resides in the OpenPLC Runtime EtherNet/IP parser functionality
of OpenPLC _v3b4702061dc14d1024856f71b4543298d77007b88.
https://securityaffairs.com/168953/ics-scada/openplc-critical-flaw.html