Lucene search

Unitronics Security Vulnerabilities

cve

CVE-2024-1480

Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without...

7.5CVSS

6.9AI Score

0.0004EPSS

2024-04-19 10:15 PM

cve

CVE-2024-27770

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-03-18 02:15 PM

cve

CVE-2024-27769

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-03-18 02:15 PM

cve

CVE-2024-27773

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-03-18 02:15 PM

cve

CVE-2024-27771

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow...

8.8CVSS

6.8AI Score

0.0004EPSS

2024-03-18 02:15 PM

cve

CVE-2024-27774

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's...

7.5CVSS

6.8AI Score

0.0004EPSS

2024-03-18 02:15 PM

cve

CVE-2024-27767

CWE-287: Improper Authentication may allow Authentication...

10CVSS

6.9AI Score

0.0004EPSS

2024-03-18 02:15 PM

cve

CVE-2024-27772

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow...

8.8CVSS

6.9AI Score

0.0004EPSS

2024-03-18 02:15 PM

cve

CVE-2024-27768

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow...

9.8CVSS

6.8AI Score

0.0004EPSS

2024-03-18 02:15 PM

cve

CVE-2023-6448

Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable...

9.8CVSS

9.4AI Score

0.068EPSS

2023-12-05 06:15 PM

177

In Wild

cve

CVE-2023-2003

Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the...

9.8CVSS

9.2AI Score

0.002EPSS

2023-07-13 12:15 PM

cve

CVE-2016-4519

Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp...

9.8CVSS

9.7AI Score

0.06EPSS

2016-06-25 01:59 AM

cve

CVE-2015-7939

Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp...

9.6CVSS

9.7AI Score

0.276EPSS

2016-01-09 02:59 AM

cve

CVE-2015-7905

Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown...

7.2AI Score

0.342EPSS

2015-11-13 03:59 AM

cve

CVE-2015-6478

Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web...

6.6AI Score

0.183EPSS

2015-11-13 03:59 AM