Unitronics: Security Vulnerabilities
Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-21
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-78: 'OS Command Injection' may allow RCE
CVSS Score
8.8
EPSS Score
0.005
Published
2024-03-18
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-348: Use of Less Trusted Source may allow RCE
CVSS Score
8.8
EPSS Score
0.001
Published
2024-03-18
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware
CVSS Score
7.5
EPSS Score
0.0
Published
2024-03-18
CWE-287: Improper Authentication may allow Authentication Bypass
CVSS Score
10.0
EPSS Score
0.0
Published
2024-03-18
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE
CVSS Score
9.8
EPSS Score
0.001
Published
2024-03-18
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices
CVSS Score
8.8
EPSS Score
0.001
Published
2024-03-18
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-23: Relative Path Traversal
CVSS Score
8.8
EPSS Score
0.001
Published
2024-03-18
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-22: 'Path Traversal' may allow RCE
CVSS Score
8.8
EPSS Score
0.001
Published
2024-03-18
CVE-2023-6448
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
Known exploited
CVSS Score
9.8
EPSS Score
0.105
Published
2023-12-05
Page 1