
CVE-2025-53476: CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime in OpenPLC OpenPLC_v3

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2025-53476, cwe-775
Published: Tue Oct 07 2025 (10/07/2025, 13:49:56 UTC)
Source: CVE Database V5
Vendor/Project: OpenPLC
Product: OpenPLC_v3

Description

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC_v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connections to trigger this vulnerability.

AI-Powered Analysis

Last updated: 11/03/2025, 18:12:22 UTC

Technical Analysis

CVE-2025-53476 is a denial of service vulnerability identified in the ModbusTCP server functionality of OpenPLC version v3 (commit a931181e8b81e36fadf7b74d5cba99b73c3f6d58). The root cause is a missing release of file descriptors or handles after their effective lifetime, classified under CWE-775. An attacker can exploit this by initiating a specially crafted sequence of TCP connections to the ModbusTCP server, causing it to exhaust available file descriptors or handles. As a result, the server becomes unable to process subsequent Modbus requests, effectively causing a denial of service. The vulnerability requires no privileges or user interaction and can be exploited remotely over the network. The CVSS v3.1 base score is 5.3 (medium severity), reflecting the impact on availability only, with no confidentiality or integrity impact. No known exploits are currently reported in the wild. The vulnerability affects a specific commit of OpenPLC_v3, an open-source industrial control platform used for programmable logic controller (PLC) applications, particularly in industrial automation and critical infrastructure. The flaw could disrupt industrial processes relying on ModbusTCP communications, leading to operational downtime or safety risks if control commands are delayed or blocked.

Potential Impact

For European organizations, especially those operating in industrial automation, manufacturing, energy, and critical infrastructure sectors, this vulnerability poses a risk of operational disruption. OpenPLC is used in programmable logic controllers that manage industrial processes; a denial of service in the ModbusTCP server can halt command processing, potentially causing production downtime, safety incidents, or cascading failures in automated systems. The impact is primarily on availability, which can translate into financial losses, regulatory non-compliance, and reputational damage. Given the reliance on industrial control systems in Europe’s manufacturing hubs (e.g., Germany, France, Italy) and energy sectors, the vulnerability could affect essential services and supply chains. Although no known exploits exist yet, the ease of exploitation (no authentication or user interaction required) means attackers could weaponize this vulnerability if they gain network access. Organizations with exposed or poorly segmented industrial networks are at higher risk.

Mitigation Recommendations

1. Network Segmentation: Isolate industrial control networks running OpenPLC from general IT networks and the internet to reduce exposure.
2. Connection Limits: Implement firewall or network device rules to limit the number of concurrent TCP connections to the ModbusTCP server, preventing resource exhaustion.
3. Monitoring and Alerting: Deploy network monitoring to detect unusual spikes in TCP connection attempts targeting ModbusTCP ports, enabling early detection of exploitation attempts.
4. Resource Hardening: Configure operating system limits on file descriptors and handles to prevent exhaustion and enable graceful degradation.
5. Vendor Patching: Monitor OpenPLC project updates and apply patches or updated versions addressing this vulnerability as soon as they become available.
6. Access Controls: Restrict access to ModbusTCP services to trusted hosts and networks only, using VPNs or secure tunnels where possible.
7. Incident Response Preparation: Develop and test response plans for industrial control system denial of service scenarios to minimize downtime impact.
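A host-side check that supports recommendations 3 and 4, as an added example (not code from this page or from the OpenPLC project): it compares a process's open descriptors against its soft "Max open files" limit using Linux `/proc`, so leaked sockets show up before the limit is hit. The function names, the 0.8 alert ratio and the sample data are assumptions made for illustration.

```python
import os
import re
import sys

# Constructed sample of /proc/<pid>/limits (values are illustrative).
SAMPLE_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max open files            1024                 4096                 files
Max processes             15421                15421                processes
"""

def parse_nofile_soft_limit(limits_text):
    """Return the soft 'Max open files' limit, or None if unlimited or absent."""
    m = re.search(r"^Max open files\s+(\S+)\s+\S+", limits_text, re.MULTILINE)
    if not m or m.group(1) == "unlimited":
        return None
    return int(m.group(1))

def fd_headroom(fd_targets, limits_text, warn_ratio=0.8):
    """Summarise descriptor usage from the readlink targets of /proc/<pid>/fd/*."""
    limit = parse_nofile_soft_limit(limits_text)
    sockets = sum(1 for t in fd_targets if t.startswith("socket:["))
    used = len(fd_targets)
    ratio = used / limit if limit else 0.0
    return {"used": used, "sockets": sockets, "limit": limit,
            "ratio": round(ratio, 3), "alert": bool(limit) and ratio >= warn_ratio}

def read_proc(pid):
    """Collect fd link targets and the limits table for a live process (Linux)."""
    fd_dir = f"/proc/{pid}/fd"
    targets = []
    for name in os.listdir(fd_dir):
        try:
            targets.append(os.readlink(os.path.join(fd_dir, name)))
        except OSError:
            continue  # descriptor was closed between listdir() and readlink()
    with open(f"/proc/{pid}/limits") as fh:
        return targets, fh.read()

if __name__ == "__main__":
    # Usage: python3 fd_headroom.py <pid of the Modbus server process>
    if len(sys.argv) == 2:
        report = fd_headroom(*read_proc(int(sys.argv[1])))
    else:  # no PID given: run on constructed data (900 sockets, 10 other fds)
        sample = [f"socket:[{i}]" for i in range(900)] + ["/dev/null"] * 10
        report = fd_headroom(sample, SAMPLE_LIMITS)
    print(report)
    sys.exit(1 if report["alert"] else 0)
```

Run periodically (for example from cron or a monitoring agent), a socket count that keeps climbing while client activity is flat is the signature of descriptors not being released.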

Technical Details

Data Version: 5.1
Assigner Short Name: talos
Date Reserved: 2025-07-11T21:16:14.229Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68e51d0ca677756fc9911217

Added to database: 10/7/2025, 2:00:44 PM

Last enriched: 11/3/2025, 6:12:22 PM

Last updated: 11/23/2025, 3:47:33 PM
