CVE-2026-14480
Gravedad CVSS v4.0:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
10/07/2026
Última modificación:
10/07/2026
Descripción
*** Pendiente de traducción *** OpenPLC Runtime v3 contains an authenticated arbitrary file write <br />
vulnerability in the legacy web UI program‑upload workflow. The <br />
application stores an attacker‑supplied filename (prog_file) directly <br />
into the Programs.File database field and later uses this value as the <br />
destination path for an uploaded file without validating or restricting <br />
the path. Because Python os.path.join() honors attacker‑controlled <br />
absolute paths, an authenticated user can write arbitrary files anywhere<br />
writable by the OpenPLC webserver process. In the default build <br />
pipeline, all C++ source files within the OpenPLC runtime core directory<br />
are automatically compiled into the executable runtime binary. By <br />
writing a malicious .cpp file into this directory, an authenticated <br />
attacker can escalate the arbitrary file write into arbitrary native <br />
code execution when the operator triggers a normal program compilation <br />
and runtime start.
Impacto
Puntuación base 4.0
8.70
Gravedad 4.0
ALTA
Puntuación base 3.x
9.90
Gravedad 3.x
CRÍTICA



