CNNVD-202512-2568 Information

CNNVD ID

CNNVD-202512-2568

Related CVE

CVE-2025-13970

• CNNVD Published: 2025-12-13

Description (Chinese)

OpenPLC Runtime version 3是Thiago Alves个人开发者的一个可编程逻辑控制器。 OpenPLC Runtime version 3 存在跨站请求伪造漏洞，该漏洞源于缺少CSRF验证，可能导致跨站请求伪造攻击。

Description (English)

OpenPLC Runtme version 3 is a programmable logical controller for Thiago Alves personal developers. OpenPLC Runtme version 3 has a false gap in cross-site requests, which stems from the lack of CSRF verification and may lead to cross-site requests for false attacks.

Hazard Level

Medium

Vulnerability Type

跨站请求伪造

Affected Vendor

个人开发者

Published

2025-12-13

Last Modified

2026-02-24

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-345-10.json https://github.com/thiagoralves/OpenPLC_v3 https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10 https://access.redhat.com/security/cve/cve-2025-13970

Patch

https://autonomylogic.com/download-windows