AttackerKB AKB:BCEAB8C2-E26C-4783-AAD9-AF9AE883BE57
Dec 05, 2023 - 12:00 a.m.

CVE-2023-6448

2023-12-05 00:00:00
attackerkb.com
9
cve-2023-6448
unitronics vision series
plcs
hmis
default passwords
administrative control
unauthenticated access
network security

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.039

Percentile

92.1%

Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.

Recent assessments:

cbeek-r7 at December 13, 2023 10:51am UTC reported:

The Cybersecurity and Infrastructure Security Agency (CISA) is actively addressing a situation involving the unauthorized use of Unitronics programmable logic controllers (PLCs), specifically in the Water and Wastewater Systems (WWS) Sector. These PLCs, vital for water treatment processes, have been compromised by cyber attackers, particularly targeting a specific Unitronics PLC at a water facility in the United States. In reaction, the local water authority responsible for the facility promptly disconnected the compromised system from their network and reverted to manual operations. Fortunately, there is no immediate threat to the community’s drinking water or overall water supply.

Unauthorized access and efforts to breach the security of WWS systems pose a significant risk. Such actions can disrupt the provision of clean drinking water and the efficient treatment of wastewater in affected communities.

The cybercriminals in this instance seemingly gained access to the targeted device, a Unitronics Vision Series PLC equipped with a Human Machine Interface (HMI), by exploiting cybersecurity vulnerabilities. These vulnerabilities include inadequate password security measures and the PLC’s exposure to the internet.

By default, the Unitronics PLC default password = "1111"

Assessed Attacker Value: 5
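The CVE description and the assessment above name two conditions that together produce the incident CISA described: a Vision/Samba PLC still running the factory password ("1111") and that PLC reachable from the internet. The following is an added example, not code from the AttackerKB entry, Unitronics, or the assessor: a small triage script that checks a PLC inventory for the default password and scans firewall logs for allowed connections from outside the organisation's own address ranges to the PLC management port, then reports hosts that hit both. The inventory, log lines, hostnames and addresses are constructed for the demo; the assumption that the Unitronics PCOM management service listens on TCP/20256 (the port CISA's guidance tells operators to change) is labelled in the code.

```python
"""Triage for the CVE-2023-6448 exposure pattern (added example, not part of
the AttackerKB entry or Unitronics' own tooling).

Flags (a) PLCs whose configured password is still the factory default and
(b) PLCs that accepted an inbound TCP connection on the PCOM management port
from an address outside the organisation's internal ranges.  Hosts matching
both are the exact scenario behind the water-utility compromise."""
import ipaddress
import re
from dataclasses import dataclass

DEFAULT_PASSWORD = "1111"   # factory default quoted in the assessment above
PCOM_TCP_PORT = 20256       # assumption: Unitronics PCOM/TCP management port

# Constructed: the organisation's own address space.  Deliberately explicit
# rather than ipaddress.is_private/is_global, which classify the RFC 5737
# documentation ranges used in the sample log (203.0.113.0/24 etc.) oddly.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: hostname -> (management IP, configured password)
INVENTORY = {
    "plc-booster-01":   ("10.20.1.15", "1111"),
    "plc-clarifier-02": ("10.20.1.16", "8342"),
    "hmi-lift-03":      ("10.20.1.17", "1111"),
}

# Constructed firewall log, key=value fields, one connection per line.
LOG_LINES = """\
ts=2023-11-25T03:14:07Z action=allow proto=tcp src=203.0.113.45 dst=10.20.1.15 dport=20256
ts=2023-11-25T03:14:09Z action=allow proto=tcp src=10.20.5.8 dst=10.20.1.16 dport=20256
ts=2023-11-25T03:15:31Z action=allow proto=tcp src=198.51.100.7 dst=10.20.1.16 dport=502
ts=2023-11-25T03:16:02Z action=deny proto=tcp src=203.0.113.45 dst=10.20.1.17 dport=20256
ts=2023-11-25T03:17:40Z action=allow proto=udp src=192.0.2.9 dst=10.20.1.17 dport=20256
"""

LOG_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str     # "default-password" or "internet-exposed"
    detail: str


def parse_log_line(line):
    """Turn 'k=v k=v ...' into a dict."""
    return dict(LOG_RE.findall(line))


def is_internal(ip_str):
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in INTERNAL_NETS)


def default_password_hosts(inventory):
    """Hostnames whose configured password is exactly the factory default.
    This only catches the default, not other weak passwords."""
    return {name for name, (_ip, pw) in inventory.items() if pw == DEFAULT_PASSWORD}


def exposed_plcs(log_text, plc_ips):
    """PLC IPs that *accepted* a TCP connection on the PCOM port from a source
    outside INTERNAL_NETS.  Denied and non-TCP events are ignored so that a
    blocked probe does not count as exposure."""
    hits = set()
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec.get("action") != "allow" or rec.get("proto") != "tcp":
            continue
        if int(rec.get("dport", 0)) != PCOM_TCP_PORT:
            continue
        if rec.get("dst") in plc_ips and not is_internal(rec["src"]):
            hits.add(rec["dst"])
    return hits


def triage(inventory, log_text):
    """Return (all findings sorted by host, set of hosts with both conditions)."""
    ip_to_name = {ip: name for name, (ip, _pw) in inventory.items()}
    weak = default_password_hosts(inventory)
    exposed = {ip_to_name[ip] for ip in exposed_plcs(log_text, set(ip_to_name))}
    findings = []
    for name in sorted(weak):
        findings.append(Finding(name, "default-password",
                                "still uses the factory password; change it in VisiLogic"))
    for name in sorted(exposed):
        findings.append(Finding(name, "internet-exposed",
                                f"accepted TCP/{PCOM_TCP_PORT} from outside internal ranges"))
    findings.sort(key=lambda f: (f.host, f.kind))
    return findings, weak & exposed


if __name__ == "__main__":
    findings, critical = triage(INVENTORY, LOG_LINES)
    for f in findings:
        print(f"{f.kind:17} {f.host}: {f.detail}")
    print("critical (default password AND exposed):", sorted(critical))
```

On the sample data the script reports plc-booster-01 and hmi-lift-03 for the default password, plc-booster-01 as exposed, and plc-booster-01 alone as critical; the denied probe against hmi-lift-03 is not counted as exposure, which is the distinction an incident responder needs when deciding which controller to pull off the network first.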

