CVE-2021-47770
OpenPLC 3 - Remote Code Execution
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.6EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
21 jan 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network connection to a specified IP and port, enabling remote command execution.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Autonomy · OpenPLC