OpenPLC Vulnerability in Plaintext Password Storage Allowing Credential Retrieval

Vulnerability

A vulnerability exists in OpenPLC version 3 (Update A) due to plaintext storage of passwords, which could enable an attacker to access credentials and sensitive information. This vulnerability is part of a group of issues that could lead to unauthorized alteration of PLC settings, uploading of malicious programs, or bypassing authentication.

Impact

Exploitation of this vulnerability could result in unauthorized access to credentials and sensitive information.

Added: Apr 9, 2026, 9:30 PM

Updated: Apr 9, 2026, 9:30 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

8.3

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.9

remediation

8.3

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenPLC Vulnerability in Plaintext Password Storage Allowing Credential Retrieval

Vulnerability

Impact

Affected Products

OpenPLC_V3

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating