CVE-2025-54811

7.1 HIGH

📋 TL;DR

OpenPLC_V3 has a remote, unauthenticated denial-of-service vulnerability in its enipThread function, the thread that runs the EtherNet/IP server. The function is not written to cope with the server being started more than once or exiting unexpectedly; when either happens the runtime executes an illegal instruction and crashes, halting all automation and control logic. Every deployment running an unpatched OpenPLC_V3 with the EtherNet/IP server enabled is affected.

💻 Affected Systems

Products:
  • OpenPLC_V3
Versions: Not enumerated by NVD; treat every checkout older than the fix as affected
Operating Systems: Linux, Windows, Raspberry Pi OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects every deployment with the EtherNet/IP server enabled, since that server runs in the vulnerable enipThread function.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete shutdown of industrial control processes, causing production stoppage, safety system failures, or environmental incidents.

🟠 Likely Case: Temporary disruption of PLC operations requiring a manual restart and potential process downtime.

🟢 If Mitigated: Limited impact; proper network segmentation and monitoring allow quick detection and recovery.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation allows direct attacks from internet.
🏢 Internal Only: HIGH - Even internally, unauthenticated access makes exploitation trivial.

🎯 Exploit Status

Public PoC: ❌ None known
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The trigger is simple: enipThread does not handle the EtherNet/IP server being started more than once or exiting unexpectedly, and either condition makes the runtime execute an illegal instruction. No credentials are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub repository for latest patched version

Advisory (CISA, covering the vendor's fix): https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-05

Restart Required: Yes

Instructions:

1. Check OpenPLC_V3 GitHub repository for latest release
2. Update to patched version
3. Restart OpenPLC service
4. Verify functionality

🔧 Temporary Workarounds

Network Segmentation

Platform: all

Isolate OpenPLC systems from untrusted networks; the EtherNet/IP server should be reachable only from the HMI/SCADA hosts that need it.

Access Control

Platform: linux

Use host firewall rules to restrict access to the EtherNet/IP port (TCP 44818 by default; the port is configured in the OpenPLC web interface under Settings). ufw evaluates rules in the order they were added, so add an allow rule for each trusted HMI/SCADA source address before the deny rules below, otherwise the deny also cuts off legitimate clients:

sudo ufw deny 44818/tcp
sudo ufw deny 44818/udp

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate PLC from untrusted networks
  • Deploy intrusion detection monitoring for abnormal PLC restarts/crashes

🔍 How to Verify

Check if Vulnerable:

On an unpatched build the runtime crashes with an illegal instruction when the EtherNet/IP server is started more than once or exits unexpectedly. Run this test only on a non-production instance, because a positive result stops all control logic.

Check Version:

OpenPLC_V3 is distributed as a git checkout rather than numbered releases, so record the checked-out commit (git log -1 in the install directory) and compare it with the fix commit the vendor identifies.

Verify Fix Applied:

After updating and restarting, repeat the same test on the non-production instance: the runtime must keep running and the EtherNet/IP port must remain reachable.
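Added example, not code from this page or from the OpenPLC project: a Python liveness probe that opens an EtherNet/IP encapsulation session on the runtime's port and accepts the listener as alive only when a well-formed RegisterSession reply with a non-zero session handle comes back, then unregisters it. It gives a before/after check for the test above and for the patched build that is stronger than a bare TCP connect. The target host, the 44818 default port and the local fake responder used for offline testing are assumptions; the header layout is the standard EtherNet/IP encapsulation format.

```python
"""Liveness probe for an EtherNet/IP (ENIP) listener such as OpenPLC_V3's enipThread.

Added example; not part of the CVE page or the OpenPLC project. It sends a
RegisterSession request (encapsulation command 0x65) and treats the listener
as alive only if a well-formed reply with a non-zero session handle comes back,
then sends UnregisterSession (0x66) so no session is left behind.
"""
import socket
import struct
import threading

# EtherNet/IP encapsulation header, little-endian, 24 bytes:
# command(u16) length(u16) session(u32) status(u32) sender_context(8) options(u32)
ENCAP_HEADER = struct.Struct("<HHII8sI")
ENCAP_HEADER_LEN = ENCAP_HEADER.size
CMD_REGISTER_SESSION = 0x0065
CMD_UNREGISTER_SESSION = 0x0066
REGISTER_DATA = struct.pack("<HH", 1, 0)   # protocol version 1, option flags 0
CONTEXT = b"openplc!"                       # 8-byte sender context the peer echoes back


def build_register_session(context=CONTEXT):
    return ENCAP_HEADER.pack(CMD_REGISTER_SESSION, len(REGISTER_DATA), 0, 0, context, 0) + REGISTER_DATA


def build_unregister_session(session, context=CONTEXT):
    return ENCAP_HEADER.pack(CMD_UNREGISTER_SESSION, 0, session, 0, context, 0)


def parse_encap_header(data):
    """Split a raw encapsulation header into its fields; raise on a short read."""
    if len(data) < ENCAP_HEADER_LEN:
        raise ValueError("short encapsulation header: %d bytes" % len(data))
    cmd, length, session, status, ctx, opts = ENCAP_HEADER.unpack_from(data)
    return {"command": cmd, "length": length, "session": session,
            "status": status, "context": ctx, "options": opts}


def probe_enip(host, port=44818, timeout=2.0):
    """Return True only if the listener completes a RegisterSession exchange."""
    req = build_register_session()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(req)
            reply = sock.recv(1024)
            try:
                hdr = parse_encap_header(reply)
            except ValueError:
                return False
            alive = (hdr["command"] == CMD_REGISTER_SESSION
                     and hdr["status"] == 0
                     and hdr["session"] != 0
                     and hdr["context"] == CONTEXT)
            if alive:
                sock.sendall(build_unregister_session(hdr["session"]))
            return alive
    except OSError:          # refused, timed out, reset: the listener is not serving
        return False


def start_fake_enip_server():
    """Start a minimal local responder for offline testing (constructed; not OpenPLC).

    Answers one RegisterSession with session handle 0x1234 and returns its port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            hdr = parse_encap_header(conn.recv(64))
            conn.sendall(ENCAP_HEADER.pack(hdr["command"], len(REGISTER_DATA), 0x1234, 0,
                                           hdr["context"], 0) + REGISTER_DATA)
            try:
                conn.recv(64)   # absorb the UnregisterSession, then close
            except OSError:
                pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print("ENIP listener on %s: %s" % (target, "alive" if probe_enip(target) else "DOWN"))
```

Run it against the PLC's address before the crash test, after the test, and after the patch; the sender-context check guards against a false "alive" from a listener that accepts the connection but returns garbage.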

📡 Detection & Monitoring

Log Indicators:

  • Unexpected PLC process termination
  • Server restart events (for a systemd unit, "Scheduled restart job" messages)
  • Illegal instruction errors in system logs (systemd reports a process killed by SIGILL as "status=4/ILL"; a shell reports "Illegal instruction")

Network Indicators:

  • Multiple connection attempts to port 44818
  • Abnormal ENIP/CIP traffic patterns

SIEM Query:

source="openplc.log" AND ("crash" OR "terminated" OR "illegal instruction" OR "4/ILL")
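Added example, not code from this page or from the OpenPLC project: a Python detector that applies the log indicators above to syslog/journald-style lines and alerts on a burst of SIGILL crashes, which is the pattern a remote trigger of this bug produces, while ignoring clean stops. The unit name openplc.service, the message wording and the sample log lines are constructed assumptions; adapt the patterns to the host's actual logging.

```python
"""Crash-burst detector for OpenPLC_V3 runtime logs (CVE-2025-54811 indicators).

Added example; not from the CVE page or the OpenPLC project. It assumes the
runtime runs as a systemd unit (name openplc.service assumed) whose output lands
in syslog/journald export lines; adjust the patterns for other setups.
"""
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample lines; not a real capture. Two SIGILL crashes 24 s apart,
# each followed by an automatic restart, then a clean stop hours later.
SAMPLE_LOG = """\
Sep 30 09:00:00 plc1 systemd[1]: Started OpenPLC Runtime.
Sep 30 09:12:41 plc1 systemd[1]: openplc.service: Main process exited, code=killed, status=4/ILL
Sep 30 09:12:41 plc1 systemd[1]: openplc.service: Failed with result 'signal'.
Sep 30 09:12:51 plc1 systemd[1]: openplc.service: Scheduled restart job, restart counter is at 1.
Sep 30 09:12:51 plc1 systemd[1]: Started OpenPLC Runtime.
Sep 30 09:13:05 plc1 start_openplc.sh[2213]: Illegal instruction (core dumped)
Sep 30 09:13:05 plc1 systemd[1]: openplc.service: Main process exited, code=killed, status=4/ILL
Sep 30 09:13:15 plc1 systemd[1]: openplc.service: Scheduled restart job, restart counter is at 2.
Sep 30 09:13:15 plc1 systemd[1]: Started OpenPLC Runtime.
Sep 30 14:30:00 plc1 systemd[1]: Stopping OpenPLC Runtime...
Sep 30 14:30:00 plc1 systemd[1]: openplc.service: Deactivated successfully.
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$")
# status=4/ILL is how systemd reports a process killed by SIGILL (signal 4);
# "Illegal instruction" is the shell/libc wording for the same event.
CRASH_RE = re.compile(r"status=4/ILL|Illegal instruction|SIGILL")
RESTART_RE = re.compile(r"Scheduled restart job")


def parse_line(line, year=2025):
    """Parse one syslog-style line; syslog carries no year, so it is supplied."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    return {"ts": ts, "host": m["host"], "proc": m["proc"], "msg": m["msg"]}


def crash_events(lines, year=2025, merge_window=timedelta(seconds=2)):
    """Timestamps of crashes; several lines describing one crash are merged."""
    events = []
    for line in lines:
        rec = parse_line(line, year)
        if rec is None or not CRASH_RE.search(rec["msg"]):
            continue
        if events and rec["ts"] - events[-1] <= merge_window:
            continue            # another line for the crash already recorded
        events.append(rec["ts"])
    return events


def restart_events(lines, year=2025):
    """Timestamps of automatic unit restarts (clean stops are not counted)."""
    return [rec["ts"] for rec in (parse_line(l, year) for l in lines)
            if rec and RESTART_RE.search(rec["msg"])]


def crash_bursts(crashes, window=timedelta(minutes=5), threshold=2):
    """Alerts (first_ts, last_ts, count) whenever `threshold` crashes fall in `window`.

    One crash may be a hardware fault; repeated SIGILL crashes of the runtime
    within minutes match the remote-trigger pattern of CVE-2025-54811.
    """
    alerts, recent = [], deque()
    for ts in crashes:
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((recent[0], ts, len(recent)))
            recent.clear()      # do not re-alert on the same crashes
    return alerts


def summarize(lines, year=2025):
    crashes = crash_events(lines, year)
    return {"crashes": len(crashes),
            "restarts": len(restart_events(lines, year)),
            "alerts": crash_bursts(crashes)}


if __name__ == "__main__":
    import sys
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for key, value in summarize(source.splitlines()).items():
        print(key, value)
```

Feed it a journalctl export (journalctl -u openplc.service, with the unit name adjusted) or the syslog file; the burst threshold and window are the knobs to tune against the site's normal restart rate.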
