OTPulse
FeedAboutContact

OpenPLC_V3

Plan Patch8ICS-CERT ICSA-25-345-10Dec 11, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionRequired
Summary

A cross-site request forgery (CSRF) vulnerability in OpenPLC_V3 allows an attacker to trick an authorized user into uploading malicious PLC programs or modifying control settings. Successful exploitation could result in alteration of PLC settings, upload of malicious programs, or disruption of manufacturing processes. The vulnerability requires network access to the PLC and user interaction but has high attack complexity.

What this means
What could happen
An attacker could alter PLC program logic or upload malicious code to OpenPLC, causing incorrect process behavior, equipment shutdown, or unsafe operations in manufacturing facilities.
Who's at risk
Manufacturing facilities using OpenPLC_V3 to control production equipment, motors, pumps, and other industrial processes. This affects any organization relying on open-source PLC software for process automation or standalone PLC deployments not protected by industrial firewalls.
How it could be exploited
An attacker with network access to the OpenPLC instance could exploit a cross-site request forgery (CSRF) vulnerability to trick an authorized user into uploading malicious PLC programs or modifying control settings. The attack requires user interaction (UI:R) and relatively complex setup, but succeeds in networks where the PLC is accessible from less-trusted segments.
Prerequisites
  • Network access to the OpenPLC web interface
  • Ability to trick an authorized engineer or operator into clicking a malicious link or visiting a crafted webpage
  • OpenPLC must be exposed to a network segment where the attacker can reach it
  • Target user must be logged into OpenPLC at the time of the attack
remotely exploitableno authentication required to trigger the attack (CSRF)high impact on process integrityaffects PLC program execution
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
OpenPLC_V3: <pull_request_#310<pull request #310pull request #310 or later
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGIsolate OpenPLC instances from the business network and internet using firewall rules; restrict access to the web interface to authorized engineering workstations only
HARDENINGIf remote access is required, enforce VPN-only connections to the OpenPLC web interface and disable direct internet exposure
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate OpenPLC_V3 to pull request #310 or later from the main GitHub repository
Long-term hardening
0/1
HARDENINGImplement network segmentation to place control system devices on a separate VLAN from office networks and the internet
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/ff86788c-b9f7-498f-a1f1-30448bb7a526
OpenPLC_V3 | CVSS 8 - OTPulse