OpenPLC_V3
Plan Patch | CVSS 7.1 | ICS-CERT ICSA-25-273-05 | Sep 30, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
OpenPLC_V3 contains a vulnerability that could cause denial of service by crashing the PLC runtime process. This is not remotely exploitable and requires local access to the system running OpenPLC_V3. Successful exploitation would interrupt automated control operations until the process is manually restarted.
What this means
What could happen
A vulnerability in OpenPLC_V3 could crash the PLC runtime process, causing loss of control over the programmable logic controller and temporary interruption of automated manufacturing operations.
Who's at risk
Manufacturing facilities using OpenPLC_V3 as their programmable logic controller should be concerned. This affects any operation that relies on OpenPLC_V3 for automated control of machinery or processes.
How it could be exploited
An attacker with local access to the device running OpenPLC_V3 could trigger a condition that causes the runtime process to crash. This is not remotely exploitable and requires direct or local access to the system.
Prerequisites
- Local access to the system running OpenPLC_V3
- Ability to trigger the specific condition that causes the crash
Local access required (not remotely exploitable) | High severity (CVSS 7.1) | Causes denial of service (process crash)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
OpenPLC_V3: <pull_request_#292 | <pull request #292 | pull request #292 or later
Remediation & Mitigation
Do now
- HARDENING: Restrict network and physical access to systems running OpenPLC_V3 to authorized personnel and engineering workstations only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update OpenPLC_V3 to pull request #292 or later from the main GitHub repository
Long-term hardening
- HARDENING: Isolate control system networks running OpenPLC_V3 from business networks using firewalls and network segmentation
- HARDENING: If remote access to OpenPLC_V3 systems is required, implement VPN with the most current version available
CVEs (1)