← Back to home
ICSA-26-190-01  ·  Published 2026-07-09  ·  View on CISA ICS-CERT ↗

OpenPLC v3

CVSS 9.9 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary files to the filesystem and escalate this into arbitrary native code execution through the normal OpenPLC program compilation process, potentially resulting in code execution as the OpenPLC runtime user.

CVEs (1)

Remediations

  • OpenPLC recommends users upgrade to OpenPLC v4 as OpenPLC v3 is end-of-life and is no longer receiving patches, bug fixes, or security updates.

Affected Vendors

OpenPLC

Affected Products (1)

OpenPLC · OpenPLC v3

Affected Sectors

Critical Manufacturing, Energy, Transportation Systems, Water and Wastewater

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more