OpenPLC_V3
Plan: Patch | CVSS 8 | ICS-CERT ICSA-25-345-10 | Dec 11, 2025
Manufacturing
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: Required
Summary
OpenPLC_V3 contains a cross-site request forgery (CSRF) vulnerability that allows an attacker to alter PLC settings or upload malicious programs to the controller. The vulnerability affects the OpenPLC_V3 GitHub repository and has been resolved in pull request #310.
What this means
What could happen
An attacker could trick an authenticated user into unknowingly modifying PLC configurations or uploading malicious logic to control critical industrial processes, disrupting operations or causing unsafe equipment behavior.
Who's at risk
Manufacturing facilities using OpenPLC_V3 as a programmable logic controller for process automation, machine control, or safety logic should prioritize this update. This applies to facilities that expose the OpenPLC_V3 web interface to engineering workstations or allow remote access for commissioning or troubleshooting.
How it could be exploited
An attacker crafts a malicious webpage or email containing a CSRF payload that targets the OpenPLC_V3 web interface. When a logged-in engineer or operator visits the attacker's page, the browser automatically submits forged requests to change PLC settings or upload new logic without the user's knowledge or consent.
Prerequisites
- User must be actively logged in to the OpenPLC_V3 web interface
- Attacker must be able to trick the user into visiting a malicious website or opening a crafted email link
- Network access to the OpenPLC_V3 web interface (typically port 8080 or similar; access may be restricted to the local network or require a VPN)
- High impact (code execution on PLC)
- Requires user interaction (social engineering)
- High attack complexity
- Affects industrial automation and control logic
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (1)
Product | Affected Versions | Fix Status
OpenPLC_V3 | < pull request #310 | pull request #310+
Remediation & Mitigation
Do now
HARDENING: Restrict access to the OpenPLC_V3 web interface to trusted engineering workstations only; block inbound access from business networks or the internet using firewall rules
WORKAROUND: Use CSRF tokens and same-site cookie policies in the OpenPLC_V3 application to prevent cross-origin requests
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update OpenPLC_V3 to pull request #310 or later from the main GitHub repository
Long-term hardening
HARDENING: Deploy OpenPLC_V3 behind a VPN gateway and require authentication before allowing engineering or operator access to the interface
HARDENING: Educate engineering and operations staff about phishing emails and malicious links that could trigger CSRF attacks
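The workaround above (CSRF tokens plus a same-site cookie policy) in server-side form, as an added example that is not OpenPLC_V3's own code and not the fix from pull request #310: a per-session synchronizer token checked in constant time, an exact Origin/Referer comparison against the deployment's origin, and a SameSite=Strict session cookie. The origin https://plc.example.internal and all function names are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed, illustrative guard for state-changing requests on a PLC web
# interface (save settings, upload program). Not OpenPLC_V3's own code.
TRUSTED_ORIGIN = "https://plc.example.internal"  # hypothetical deployment origin


@dataclass
class Session:
    """Server-side session; the CSRF token is generated once per session."""
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def issue_session_cookie(session_id: str) -> str:
    """Set-Cookie value: SameSite=Strict keeps the browser from attaching the
    session cookie to a POST that originates from another site."""
    return f"session={session_id}; HttpOnly; Secure; SameSite=Strict; Path=/"


def render_form(session: Session) -> str:
    """Hidden field every settings/upload form must carry; a page on another
    origin cannot read it because of the same-origin policy."""
    return f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'


def same_origin(url: str) -> bool:
    """Compare scheme and host exactly (a prefix check would accept
    plc.example.internal.attacker.example)."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def is_allowed_state_change(session: Session, headers: dict, form: dict) -> bool:
    """Reject unless the request carries both a matching Origin (or Referer)
    and the session's synchronizer token. Absent headers are treated as
    foreign: browsers send Origin on cross-site POSTs, so a state change
    without one is not worth trusting."""
    origin = headers.get("Origin") or headers.get("Referer") or ""
    if not same_origin(origin):
        return False
    submitted = form.get("csrf_token", "")
    # constant-time compare so timing does not leak the token byte by byte
    return hmac.compare_digest(submitted.encode(), session.csrf_token.encode())
```

A forged request from another site fails twice: the browser withholds the SameSite=Strict cookie, and even a request that somehow carried the cookie lacks the hidden token and arrives with a foreign Origin.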
CVEs (1)