OpenPLC v3
Summary
A critical vulnerability, CVE-2026-14480, has been identified in OpenPLC v3, allowing authenticated attackers to write arbitrary files to the filesystem. This could lead to arbitrary native code execution by exploiting the normal OpenPLC program compilation process.
IFF Assessment
The vulnerability allows for arbitrary code execution, posing a direct threat to the integrity and availability of critical infrastructure systems running OpenPLC.
Severity
The CVSS score of 9.9 reflects the high severity of the vulnerability, with an attack vector allowing remote exploitation by an authenticated user, a high attack complexity, and a critical impact on confidentiality, integrity, and availability, enabling arbitrary code execution.
Defender Context
This vulnerability in OpenPLC v3 poses a significant risk to critical infrastructure sectors like manufacturing and energy. Defenders must prioritize patching or upgrading to OpenPLC v4 and implement strict access controls to prevent unauthorized file writes and code execution.