CVE-2021-47770

High CVSS: 8.6

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network connection to a specified IP and port, enabling remote command execution.

Vendor

Product

CWE

CWE-94

Yayın Tarihi

2026-01-21 18:16:09

Güncelleme

2026-01-26 15:04:59

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-94 HIGH 2026

Referanslar

https://github.com/thiagoralves/OpenPLC_v3 https://www.exploit-db.com/exploits/49803 https://www.openplcproject.com/ https://www.vulncheck.com/advisories/openplc-remote-code-execution