Buffer Overflow Vulnerability in OpenPLC Controller by OpenPLC Project
CVE-2018-20818

9.8CRITICAL

Key Information:

Vendor: Openplcproject
Status: Openplc V2 Firmware
Vendor: CVE Published:; 22 April 2019

🔔 Create Openplcproject Vulnerability Alert

What is CVE-2018-20818?

A buffer overflow vulnerability has been identified in the OpenPLC controller affecting versions OpenPLC_v2 and OpenPLC_v3. This flaw resides in the modbus.cpp file's mapUnusedIO() function. Exploiting this vulnerability may lead to unpredictable runtime crashes of the programmable logic controller (PLC) and could potentially result in other unknown impacts on system functionality.

References

https://arxiv.org/pdf/1809.07477

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2019
Vulnerability Reserved
Apr 21, 2019