CVE-2026-35556

Summary

OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.

Affected Software

VendorProductVersion RangeStatus
OpenPLC_V3OpenPLC_V3All versionsaffected

Weaknesses

  • CWE-256: CWE-256 Plaintext storage of a password

Workarounds

OpenPLC_v3 is now considered to be end of life. Users are recommended to upgrade to OpenPLC Runtime v4 ( https://github.com/autonomy-logic/openplc-runtime ).

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References