CVE-2018-20818
CRITICALOpenPLC v2 and v3 Firmware - Buffer Overflow in modbus.cpp mapUnusedIO()
Title source: llmDescription
A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://arxiv.org/pdf/1809.07477
Scores
CVSS v3
9.8
EPSS
0.0153
EPSS Percentile
71.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (2)
openplcproject/openplc_v2_firmware
openplcproject/openplc_v3_firmware
Published
Apr 22, 2019
Tracked Since
Feb 18, 2026