CVE-2021-31630

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:openplcproject:openplc_v3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:*

History

03 May 2022, 16:04

Type Values Removed Values Added
CWE CWE-78 CWE-94

12 Aug 2021, 14:50

Type Values Removed Values Added
CWE CWE-78
CVSS v2 : unknown
v3 : unknown
v2 : 9.0
v3 : 8.8
CPE cpe:2.3:o:openplcproject:openplc_v3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:openplcproject:openplc_v3:-:*:*:*:*:*:*:*
References (MISC) https://www.youtube.com/watch?v=l08DHB08Gow - (MISC) https://www.youtube.com/watch?v=l08DHB08Gow - Exploit, Third Party Advisory
References (MISC) https://packetstormsecurity.com/files/162563/OpenPLC-WebServer-3-Remote-Code-Execution.html - (MISC) https://packetstormsecurity.com/files/162563/OpenPLC-WebServer-3-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry

03 Aug 2021, 15:33

Type Values Removed Values Added
New CVE

Information

Published : 2021-08-03 15:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-31630

Mitre link : CVE-2021-31630

CVE.ORG link : CVE-2021-31630


JSON object : View

Products Affected

openplcproject

  • openplc_v3_firmware
  • openplc_v3
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')