Primary

Context

OpenPLC V3 Denial-of-Service Vulnerability in ENIP Thread Function

Vulnerability

Patched

A denial-of-service vulnerability has been identified in OpenPLC V3, specifically within the ENIP thread function. The issue arises from the absence of a return value, which causes the application to crash when the server loop concludes and execution encounters an illegal instruction. This vulnerability can be exploited remotely and without authentication, either by starting the same server multiple times or by causing the server to exit unexpectedly. The exploitation leads to a crash of the PLC runtime process, disrupting all automation or control logic managed by OpenPLC.

Impact

Exploitation of this vulnerability causes the OpenPLC runtime process to crash, halting all automation or control logic being managed by the application.

Remediation

Users are advised to update OpenPLC V3 to pull request #292 or later from the main GitHub repository.

Added: Oct 1, 2025, 10:19 PM

Updated: Oct 1, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

8.4

remediation

7.9

relevance

0.6

threat

3.2

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

8.4

remediation

7.9

relevance

0.6

threat

3.2

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenPLC V3 Denial-of-Service Vulnerability in ENIP Thread Function

Vulnerability

Impact

Remediation

Affected Products

OpenPLC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating