Home
Home
Trends
Trends
Vulnerabilities
Vulnerabilities
News
News
Researchers
Researchers
Why dbugs?
Why dbugs?
Settings

Shuhratbek Uraimov

#29562of 54,864
8.8Total CVSS
Vulnerabilities · 1
PT-2026-60966
8.8
2026-07-18
Openplc · Openplc · CVE-2026-11826
**Name of the Vulnerable Software and Affected Versions** OpenPLC v3 (affected versions not specified) **Description** A heap-based buffer overflow exists in the `getData()` function within `webserver/core/modbus master.cpp`. The function reads characters between two delimiters into a caller-supplied buffer without a size parameter or bounds check. Specifically, in `parseConfig()`, the function is called using the 100-byte heap-allocated `MB device.dev name` field. An authenticated attacker with access to the web interface can send a crafted HTTP POST request to the `/modbus` endpoint containing an oversized `device name` value. This value is saved to `mbconfig.cfg` and parsed upon loading, which overflows `dev name` and overwrites adjacent structure fields, including `protocol` at offset 108, `dev address` at offset 109, and `ip port` at offset 210. For example, a 200-byte payload writes 100 bytes beyond the allocation, resulting in heap corruption that causes a runtime crash and denial of service of the PLC process control loop. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. Restrict access to the web interface to minimize the risk of exploitation.