CVE-2025-54811
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-02
Assigner: ICS-CERT
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openplc | openplc_runtime | 3 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-758 | The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in OpenPLC_V3 occurs in the enipThread function due to a missing return value, which causes the server to crash when the server loop ends and an illegal instruction is executed. It can be triggered remotely without authentication by starting the server multiple times or if the server exits unexpectedly, leading to a crash of the PLC process.
How can this vulnerability impact me?
An attacker can exploit this vulnerability to cause a Denial of Service (DoS) against the PLC runtime, stopping any remotely started PLC process without authentication. This results in the PLC process crashing and halting all automation or control logic managed by OpenPLC, potentially disrupting industrial or control systems.
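The defect class described above (a thread entry point whose server loop can end without a return value), shown as an added example beside its corrected form. This is not OpenPLC source code; every name in it is hypothetical, and it is written in C++, where flowing off the end of a non-void function is undefined behavior.

```cpp
// Added illustration. All names are hypothetical; this is not OpenPLC source.
#include <atomic>
#include <pthread.h>
#include <sched.h>

static std::atomic<bool> run_server{false};  // cleared to end the server loop
static std::atomic<int> loop_exits{0};       // times the loop has ended

#ifdef SHOW_DEFECT
// Defective shape (not compiled by default): control reaches the closing
// brace of a non-void function. In C++ that is undefined behavior, so what
// executes after the loop is not guaranteed to be a normal return.
// -Wreturn-type reports it; -Werror=return-type makes it a build failure.
static void *server_thread_defective(void *) {
    while (run_server.load()) sched_yield();
    loop_exits.fetch_add(1);
}
#endif

// Corrected shape: every path out of the thread entry point returns a value.
static void *server_thread_fixed(void *) {
    while (run_server.load()) sched_yield();
    loop_exits.fetch_add(1);
    return nullptr;
}

// Start the thread, ask it to stop, join it. Returns 0 on a clean exit.
int start_and_stop_once() {
    pthread_t tid;
    void *ret = reinterpret_cast<void *>(1);  // sentinel the thread must overwrite
    run_server.store(true);
    if (pthread_create(&tid, nullptr, server_thread_fixed, nullptr) != 0) return -1;
    run_server.store(false);
    if (pthread_join(tid, &ret) != 0) return -1;
    return ret == nullptr ? 0 : -1;
}

// Repeated start/stop, the trigger the description mentions.
int restart_cycles(int n) {
    int clean = 0;
    for (int i = 0; i < n; ++i)
        if (start_and_stop_once() == 0) ++clean;
    return clean;
}

int main() { return restart_cycles(5) == 5 ? 0 : 1; }
```

Building with `-Werror=return-type` (GCC and Clang) turns the defective shape into a compile error, which is the cheapest place to catch this class of bug.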