Unitronics: Security Vulnerabilities, CVEs

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware
Max CVSS: 7.5
EPSS Score: 0.04%
Published: 2024-03-18
Updated: 2024-03-18

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE
Max CVSS: 8.8
EPSS Score: 0.04%
Published: 2024-03-18
Updated: 2024-03-18

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE
Max CVSS: 8.8
EPSS Score: 0.04%
Published: 2024-03-18
Updated: 2024-03-18

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE
Max CVSS: 8.8
EPSS Score: 0.04%
Published: 2024-03-18
Updated: 2024-03-18

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal
Max CVSS: 8.8
EPSS Score: 0.04%
Published: 2024-03-18
Updated: 2024-03-18

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices
Max CVSS: 8.8
EPSS Score: 0.04%
Published: 2024-03-18
Updated: 2024-03-18

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE
Max CVSS: 9.8
EPSS Score: 0.04%
Published: 2024-03-18
Updated: 2024-03-18

CWE-287: Improper Authentication may allow Authentication Bypass
Max CVSS: 10.0
EPSS Score: 0.04%
Published: 2024-03-18
Updated: 2024-03-18

CVE-2023-6448
Known exploited
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
Max CVSS: 9.8
EPSS Score: 6.84%
Published: 2023-12-05
Updated: 2023-12-19
CISA KEV Added: 2023-12-11

Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.
Max CVSS: 9.8
EPSS Score: 6.02%
Published: 2016-06-25
Updated: 2016-11-28

Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.
Max CVSS: 9.6
EPSS Score: 27.56%
Published: 2016-01-09
Updated: 2016-01-18

Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.
Max CVSS: 7.5
EPSS Score: 29.53%
Published: 2015-11-13
Updated: 2017-01-12

Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.
Max CVSS: 6.8
EPSS Score: 16.27%
Published: 2015-11-13
Updated: 2016-12-07

13 vulnerabilities found