Vulnerability Details CVE-2023-6448
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.105
EPSS Ranking 92.9%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Unitronics Vision Series PLCs and HMIs ship with an insecure default password which, if left unchanged, can allow attackers to execute remote commands.
Ransomware Campaign
Unknown
Products affected by CVE-2023-6448
- cpe:2.3:a:unitronics:visilogic:*
- cpe:2.3:h:unitronics:samba_3.5:-
- cpe:2.3:h:unitronics:samba_4.3:-
- cpe:2.3:h:unitronics:samba_7:-
- cpe:2.3:h:unitronics:vision1040:-
- cpe:2.3:h:unitronics:vision120:-
- cpe:2.3:h:unitronics:vision1210:-
- cpe:2.3:h:unitronics:vision130:-
- cpe:2.3:h:unitronics:vision230:-
- cpe:2.3:h:unitronics:vision280:-
- cpe:2.3:h:unitronics:vision290:-
- cpe:2.3:h:unitronics:vision350:-
- cpe:2.3:h:unitronics:vision430:-
- cpe:2.3:h:unitronics:vision530:-
- cpe:2.3:h:unitronics:vision560:-
- cpe:2.3:h:unitronics:vision570:-
- cpe:2.3:h:unitronics:vision700:-
- cpe:2.3:o:unitronics:samba_3.5_firmware:-
- cpe:2.3:o:unitronics:samba_4.3_firmware:-
- cpe:2.3:o:unitronics:samba_7_firmware:-
- cpe:2.3:o:unitronics:vision1040_firmware:-
- cpe:2.3:o:unitronics:vision120_firmware:-
- cpe:2.3:o:unitronics:vision1210_firmware:-
- cpe:2.3:o:unitronics:vision130_firmware:-
- cpe:2.3:o:unitronics:vision230_firmware:-
- cpe:2.3:o:unitronics:vision280_firmware:-
- cpe:2.3:o:unitronics:vision290_firmware:-
- cpe:2.3:o:unitronics:vision350_firmware:-
- cpe:2.3:o:unitronics:vision430_firmware:-
- cpe:2.3:o:unitronics:vision530_firmware:-
- cpe:2.3:o:unitronics:vision560_firmware:-
- cpe:2.3:o:unitronics:vision570_firmware:-
- cpe:2.3:o:unitronics:vision700_firmware:-