Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenPLC v3 External Control of File Name or Path
Vulnerability Description
OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow. The application stores an attacker‑supplied filename (prog_file) directly into the Programs.File database field and later uses this value as the destination path for an uploaded file without validating or restricting the path. Because Python os.path.join() honors attacker‑controlled absolute paths, an authenticated user can write arbitrary files anywhere writable by the OpenPLC webserver process. In the default build pipeline, all C++ source files within the OpenPLC runtime core directory are automatically compiled into the executable runtime binary. By writing a malicious .cpp file into this directory, an authenticated attacker can escalate the arbitrary file write into arbitrary native code execution when the operator triggers a normal program compilation and runtime start.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
Autonomy OpenPLC Runtime 输入验证错误漏洞
Vulnerability Description
Autonomy OpenPLC Runtime是Autonomy公司的一款工业控制运行时软件。 Autonomy OpenPLC Runtime v3版本存在输入验证错误漏洞,该漏洞源于在legacy web UI程序上传流程中未验证或限制文件路径,直接将攻击者提供的文件名(prog_file)存入数据库并用作上传文件的目标路径,因此攻击者可以写入任意文件到webserver进程可写的位置。通过将恶意.cpp文件写入OpenPLC运行时核心目录,该文件会被编译进可执行运行时二进制文件,导致攻击者可将任意
CVSS Information
N/A
Vulnerability Type
N/A