OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server exits unexpectedly. The vulnerability allows an attacker to cause a Denial of Service (DoS) against the PLC runtime, stopping any PC started remotely without authentication. This results in the PLC process crashing and halting all automation or control logic managed by OpenPLC.
Fixes

Solution

Pull request #292 resolves this issue. Users are advised to update OpenPLC_V3 to pull request #292 or later from the main GitHub repository https://github.com/thiagoralves/OpenPLC_v3 .


Workaround

No workaround given by the vendor.

History

Wed, 01 Oct 2025 21:30:00 +0000

Type Values Removed Values Added
Description OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server exits unexpectedly. The vulnerability allows an attacker to cause a Denial of Service (DoS) against the PLC runtime, stopping any PC started remotely without authentication. This results in the PLC process crashing and halting all automation or control logic managed by OpenPLC.
Title OpenPLC_V3
Weaknesses CWE-758
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-10-01T21:22:31.015Z

Reserved: 2025-09-23T19:54:22.490Z

Link: CVE-2025-54811

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-10-01T22:15:31.473

Modified: 2025-10-01T22:15:31.473

Link: CVE-2025-54811

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.