OpenPLC
cpe:2.3:h:openplcproject:openplc_v3:*:*:*:*:*:*:*
A remote code execution vulnerability has been identified in OpenPLC version 3. This issue allows authenticated attackers to inject malicious code through the hardware configuration interface. By uploading a custom hardware layer embedded with reverse shell code, attackers can establish a network connection to a specified IP address and port, enabling remote command execution on the affected system.
Exploitation of this vulnerability allows for authenticated remote code execution on the server where OpenPLC is running.
To reproduce this vulnerability, authenticate with valid credentials and upload a program through the 'upload-program' endpoint. The uploaded program can include malicious code, such as a reverse shell, which will be executed on the server. After uploading the program, it can be compiled and the PLC server can be started, which will trigger the execution of the injected code.