ID

VAR-202604-1661


CVE

CVE-2026-35556


TITLE

OpenPLC Project of OpenPLC_v3  Vulnerability regarding plaintext storage of authentication information in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-011710

DESCRIPTION

OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information. In addition, information handled by the software will not be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-35556 // JVNDB: JVNDB-2026-011710

AFFECTED PRODUCTS

vendor:openplcprojectmodel:openplc v3scope:eqversion: -

Trust: 1.0

vendor:openplcmodel:v3scope:eqversion:openplc_v3 firmware

Trust: 0.8

vendor:openplcmodel:v3scope: - version: -

Trust: 0.8

vendor:openplcmodel:v3scope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-011710 // NVD: CVE-2026-35556

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-35556
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2026-35556
value: CRITICAL

Trust: 1.0

NVD: CVE-2026-35556
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2026-35556
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2026-35556
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-011710 // NVD: CVE-2026-35556 // NVD: CVE-2026-35556

PROBLEMTYPE DATA

problemtype:CWE-256

Trust: 1.0

problemtype:Plain text storage of authentication information (CWE-256) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-011710 // NVD: CVE-2026-35556

PATCH

title:OpenPLC_V3 (Update A) | CISAurl:https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10

Trust: 0.8

sources: JVNDB: JVNDB-2026-011710

EXTERNAL IDS

db:NVDid:CVE-2026-35556

Trust: 2.6

db:ICS CERTid:ICSA-25-345-10

Trust: 1.0

db:JVNDBid:JVNDB-2026-011710

Trust: 0.8

sources: JVNDB: JVNDB-2026-011710 // NVD: CVE-2026-35556

REFERENCES

url:https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-10

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-35556

Trust: 0.8

sources: JVNDB: JVNDB-2026-011710 // NVD: CVE-2026-35556

SOURCES

db:JVNDBid:JVNDB-2026-011710
db:NVDid:CVE-2026-35556

LAST UPDATE DATE

2026-06-19T22:32:59.678000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-011710date:2026-04-20T02:39:00
db:NVDid:CVE-2026-35556date:2026-04-16T20:49:30.617

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-011710date:2026-04-20T00:00:00
db:NVDid:CVE-2026-35556date:2026-04-09T19:16:25.663