Known Vulnerabilities for products from Openplcproject

Listed below are 9 of the newest known vulnerabilities associated with the vendor "Openplcproject".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Additional devices specifications by Openplcproject can be found at device.report : Openplcproject

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-35556 json OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credenti... Not Provided 2026-04-09 2026-04-16
CVE-2026-35063 json OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=u... Not Provided 2026-04-09 2026-04-16
CVE-2026-31156 json A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled... Not Provided 2026-05-13 2026-05-26
CVE-2026-28205 json OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attac... Not Provided 2026-04-09 2026-04-28
CVE-2021-31630 json Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box... 8.8 - HIGH 2021-08-03 2022-05-03
CVE-2021-26829 json OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. 5.4 - MEDIUM 2021-06-11 2021-06-21
CVE-2021-26828 json OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute ... 8.8 - HIGH 2021-06-11 2021-06-21
CVE-2021-3351 json OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page. 5.4 - MEDIUM 2021-08-02 2021-08-09
CVE-2018-20818 json A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occur... 9.8 - CRITICAL 2019-04-22 2019-04-23

Known software with vulnerabilities from Openplcproject

Type Vendor Product Version
HardwareOpenplcprojectOpenplc V2-
Operating
System		OpenplcprojectOpenplc V2 Firmware-
HardwareOpenplcprojectOpenplc V3-
Operating
System		OpenplcprojectOpenplc V3 Firmware-
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report