UnitronicsCVEs & Vulnerabilities

15 CVEs affecting Unitronics products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

unilogic 8visilogic oplc ide 4visilogic 2vision1210 2vision1210 firmware 2samba 7 firmware 1samba 4.3 1samba 7 1
CVE-2024-38435HIGH

Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service

21 Jul 2024
7.5
CVSS
CVE-2024-27774MEDIUM

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware

18 Mar 2024
6.5
CVSS
CVE-2024-27773HIGH

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE

18 Mar 2024
8.8
CVSS
CVE-2024-27772HIGH

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE

18 Mar 2024
8.8
CVSS
CVE-2024-27771HIGH

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE

18 Mar 2024
8.8
CVSS
CVE-2024-27770HIGH

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal

18 Mar 2024
8.8
CVSS
CVE-2024-27769HIGH

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices

18 Mar 2024
8.8
CVSS
CVE-2024-27768CRITICAL

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE

18 Mar 2024
9.8
CVSS
CVE-2024-27767CRITICAL

CWE-287: Improper Authentication may allow Authentication Bypass

18 Mar 2024
9.8
CVSS
CVE-2023-6448KEVCRITICALin the wild

Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.

11 Dec 2023
9.8
CVSS
CVE-2023-2003CRITICAL

Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.

13 Jul 2023
9.8
CVSS
CVE-2016-4519CRITICAL

Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.

25 Jun 2016
9.8
CVSS
CVE-2015-7939CRITICAL

Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.

9 Jan 2016
9.6
CVSS
CVE-2015-7905HIGH

Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.

13 Nov 2015
7.5
CVSS
CVE-2015-6478MEDIUM

Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.

13 Nov 2015
6.8
CVSS
← PrevPage 1 / 1Next →