CVE-2025-13970

Name of the Vulnerable Software and Affected Versions OpenPLC V3 (affected versions not specified)

Description The software is susceptible to a cross-site request forgery (CSRF) attack because of missing CSRF validation. An unauthenticated attacker can potentially trick a logged-in administrator into visiting a malicious link. This could allow unauthorized modification of PLC settings or the upload of malicious programs, potentially causing disruption or damage to connected systems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.