8 matches found
CVE-2024-27768
CVE-2024-27768 affects Unitronics Unistream Unilogic before version 1.35.227. The issue is a Path Traversal vulnerability that may allow remote code execution (RCE) by accessing files outside the web root. Affected component appears to be the Unilogic software on Unitronics Unistream controllers....
CVE-2024-27767
CVE-2024-27767 affects Unitronics Unistream Unilogic (PLC software platform). The issue is an improper authentication weakness that may allow an authentication bypass. Reported for versions prior to 1.35.227. Impact is reported as severe/total access potential to restricted functions. Remediation...
CVE-2024-27769
The CVE-2024-27769 vulnerability affects Unitronics Unistream Unilogic (Unitronics Unistream PLCs). Affected versions are prior to 1.35.227. The root cause is information disclosure to unauthorized actors, enabling disclosure of sensitive data and potentially allowing an attacker to take ownershi...
CVE-2024-27770
Unitronics Unistream Unilogic (versions prior to 1.35.227) is affected by CWE-23 Relative Path Traversal in the web-facing component. An attacker could access files outside the web root directory, exposing sensitive data. Remediation: upgrade to version 1.35.227 or later; as a temporary measure, ...
CVE-2024-27773
CVE-2024-27773 affects Unitronics Unistream Unilogic (Unitronics PLC software). Affects Unilogic versions prior to 1.35.227. Root cause per sources: use of less trusted sources, which may allow remote code execution (RCE). Impact is high (network access, local privileges, unauthenticated/low-priv...
CVE-2024-27774
Summary (CVE-2024-27774) : Unitronics Unistream Unilogic is affected in versions prior to 1.35.227. The root cause is the use of hard-coded passwords, which may disclose sensitive information embedded in the device firmware (high confidentiality impact). Affected component is the Unilogic firmwar...
CVE-2024-27771
CVE-2024-27771 affects Unitronics Unistream Unilogic; versions prior to 1.35.227 are vulnerable due to a path traversal flaw (CWE-22) that may allow remote code execution. Impact described as high severity with network access and privileges required low; potential full compromise of affected PLCs...
CVE-2024-27772
CVE-2024-27772 affects Unitronics Unistream Unilogic prior to version 1.35.227. The vulnerability is an OS Command Injection that can lead to Remote Code Execution (RCE). The CVSSv3.1 vector indicates network attack with low complexity and requires low privileges, no user interaction, and results...