CVE-2025-54811
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-54811, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-01

Last updated on: 2025-10-02

Assigner: ICS-CERT

Description

OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server exits unexpectedly. The vulnerability allows an attacker to cause a Denial of Service (DoS) against the PLC runtime, stopping any PC started remotely without authentication. This results in the PLC process crashing and halting all automation or control logic managed by OpenPLC.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-01
Last Modified
2025-10-02
Generated
2026-07-06
AI Q&A
2025-10-02
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openplc openplc_runtime 3

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-758 The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in OpenPLC_V3 occurs in the enipThread function due to a missing return value, which causes the server to crash when the server loop ends and an illegal instruction is executed. It can be triggered remotely without authentication by starting the server multiple times or if the server exits unexpectedly, leading to a crash of the PLC process.

Impact Analysis

An attacker can exploit this vulnerability to cause a Denial of Service (DoS) against the PLC runtime, stopping any remotely started PLC process without authentication. This results in the PLC process crashing and halting all automation or control logic managed by OpenPLC, potentially disrupting industrial or control systems.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54811. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart