ID

VAR-202604-1659


CVE

CVE-2026-28205


TITLE

OpenPLC Project of OpenPLC_v3  Vulnerability in firmware where resources are initialized to insecure default values

Trust: 0.8

sources: JVNDB: JVNDB-2026-013428

DESCRIPTION

OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-28205 // JVNDB: JVNDB-2026-013428

AFFECTED PRODUCTS

vendor:openplcprojectmodel:openplc v3scope:eqversion: -

Trust: 1.0

vendor:openplcmodel:v3scope:eqversion:openplc_v3 firmware

Trust: 0.8

vendor:openplcmodel:v3scope:eqversion: -

Trust: 0.8

vendor:openplcmodel:v3scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-013428 // NVD: CVE-2026-28205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-28205
value: CRITICAL

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2026-28205
value: CRITICAL

Trust: 1.0

NVD: CVE-2026-28205
value: CRITICAL

Trust: 0.8

nvd@nist.gov: CVE-2026-28205
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2026-28205
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-013428 // NVD: CVE-2026-28205 // NVD: CVE-2026-28205

PROBLEMTYPE DATA

problemtype:CWE-1188

Trust: 1.0

problemtype:Initializing Resources to Unsafe Default Values (CWE-1188) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-013428 // NVD: CVE-2026-28205

PATCH

title:OpenPLC_V3 (Update A) | CISAurl:https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10

Trust: 0.8

sources: JVNDB: JVNDB-2026-013428

EXTERNAL IDS

db:NVDid:CVE-2026-28205

Trust: 2.6

db:ICS CERTid:ICSA-25-345-10

Trust: 1.0

db:JVNDBid:JVNDB-2026-013428

Trust: 0.8

sources: JVNDB: JVNDB-2026-013428 // NVD: CVE-2026-28205

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-28205

Trust: 0.8

sources: JVNDB: JVNDB-2026-013428 // NVD: CVE-2026-28205

SOURCES

db:JVNDBid:JVNDB-2026-013428
db:NVDid:CVE-2026-28205

LAST UPDATE DATE

2026-06-19T22:32:59.661000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-013428date:2026-04-30T03:16:00
db:NVDid:CVE-2026-28205date:2026-04-28T17:17:50.793

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-013428date:2026-04-30T00:00:00
db:NVDid:CVE-2026-28205date:2026-04-09T19:16:23.370