top of page
perceptive_background_267k.jpg

OpenPLC_V3

Published:

11 december 2025 om 12:00:00

Alert date:

11 december 2025 om 21:05:27

Source:

cisa.gov

Click to open the original link from this advisory

OpenPLC_V3 contains a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2025-13970) that allows unauthenticated attackers to trick administrators into modifying PLC settings or uploading malicious programs. The vulnerability affects versions prior to pull request #310 and has a CVSS v3 score of 8.0 and CVSS v4 score of 7.0. Successful exploitation could result in significant disruption or damage to connected industrial control systems across critical infrastructure sectors including manufacturing, energy, transportation, and water systems. The vulnerability is exploitable remotely but has high attack complexity and requires user interaction.

Technical details

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settings or the upload of malicious programs which could lead to significant disruption or damage to connected systems. The vulnerability is exploitable remotely with high attack complexity. CVSS v3 base score of 8.0 and CVSS v4 base score of 7.0.

Mitigation steps:

Update OpenPLC_V3 to pull request #310 or later from the main GitHub repository. Minimize network exposure for all control system devices ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use secure methods such as Virtual Private Networks (VPNs). Perform proper impact analysis and risk assessment prior to deploying defensive measures. Implement recommended cybersecurity strategies for proactive defense of ICS assets. Report suspected malicious activity to CISA.

Affected products:

OpenPLC_V3: Versions prior to pull request #310

Related links:

https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/352.html
https://www.cve.org/CVERecord?id=CVE-2025-13970
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:H
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:H
https://github.com/thiagoralves/OpenPLC_v3
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page