CVE-2021-47770

Name of the Vulnerable Software and Affected Versions OpenPLC version 3

Description The software contains an authenticated remote code execution issue. An attacker with valid credentials can inject malicious code through the hardware configuration interface. This allows for the upload of a custom hardware layer containing reverse shell code, which establishes a network connection to a specified IP and port, enabling remote command execution. The vulnerable interface is the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code. The reverse shell code establishes a network connection to a specified IP and port, enabling remote command execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.