Security Advisory

CVE-2025-13970

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-13 00:03:20
Last updated 2025-12-15 15:36:00
Assigner icscert
State PUBLISHED

Description

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack because it lacks proper CSRF validation. An unauthenticated attacker can trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settings or the upload of malicious programs, which could lead to significant disruption or damage to connected systems.