Description
Buffer overflow due to incorrect authorization in PLC FW
Published: 2026-05-04
Score: 9.6 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow in the PLC firmware arises because authorization checks are incorrectly implemented. This flaw permits untrusted input to be processed without proper validation, enabling execution of arbitrary code. If exploited, an attacker could gain full control over the PLC, subverting its intended operation and potentially compromising any processes it governs.

Affected Systems

The vulnerability impacts Qualcomm, Inc. Snapdragon PLC devices. Exact firmware versions are not listed, but any Snapdragon PLC running the affected firmware assembly is susceptible.

Risk and Exploitability

The CVSS score of 9.6 indicates extremely high severity. EPSS data is unavailable, so the current exploit probability is unknown. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, through network traffic to the PLC management interface, since proper authorization is missing at that boundary; note that the published CVSS vector rates the attack vector as AV:A (adjacent network), with no privileges (PR:N) or user interaction (UI:N) required. Successful exploitation would lead to complete compromise of the PLC system.

Generated by OpenCVE AI on May 4, 2026 at 18:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Qualcomm Snapdragon PLC firmware that includes the buffer overflow fix and corrected authorization checks, following the vendor’s security bulletin.
  • Configure the PLC to use strong authentication and restrict management access to authorized users and trusted network zones only.
  • Apply network segmentation and firewall rules to isolate PLC devices from untrusted networks and limit exposure of the management interface.
  • Enable and monitor PLC logging, and configure alerts for anomalous traffic patterns that could indicate exploitation attempts.

Advisories

No advisories yet.

History

Mon, 04 May 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Qualcomm; Qualcomm snapdragon |
| Vendors & Products | | Qualcomm; Qualcomm snapdragon |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 04 May 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Buffer overflow due to incorrect authorization in PLC FW |
| Title | | Incorrect authorization in PLC FW |
| Weaknesses | | CWE-863 |
| References | | |
| Metrics | | cvssV3_1: {'score': 9.6, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-05-04T18:29:20.615Z

Reserved: 2026-02-02T04:19:00.943Z

Link: CVE-2026-25293

Vulnrichment

Updated: 2026-05-04T18:27:19.451Z

NVD

Status: Received

Published: 2026-05-04T17:16:22.270

Modified: 2026-05-04T17:16:22.270

Link: CVE-2026-25293

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T19:00:07Z

Weaknesses