Lucene search

Cisa-cgCVE-2023-6448

HistoryDec 05, 2023 - 6:15 p.m.

CVE-2023-6448

2023-12-0518:15:12

CWE-1188

CWE-798

cisa-cg

web.nvd.nist.gov

183

In Wild

unitronics

vision series

plcs

hmis

default passwords

unauthorized access

cve-2023-6448

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.039

Percentile

92.1%

JSON

Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.

Affected configurations

Nvd

Node

unitronicsvision1210_firmwareRange<12.38

AND

unitronicsvision1210Match-

Node

unitronicsvision1040_firmwareRange<12.38

AND

unitronicsvision1040Match-

Node

unitronicsvision700_firmwareRange<12.38

AND

unitronicsvision700Match-

Node

unitronicsvision570_firmwareRange<12.38

AND

unitronicsvision570Match-

Node

unitronicsvision560_firmwareRange<12.38

AND

unitronicsvision560Match-

Node

unitronicsvision430_firmwareRange<12.38

AND

unitronicsvision430Match-

Node

unitronicsvision350_firmwareRange<12.38

AND

unitronicsvision350Match-

Node

unitronicsvision130_firmwareRange<12.38

AND

unitronicsvision130Match-

Node

unitronicsvision230_firmwareRange<12.38

AND

unitronicsvision230Match-

Node

unitronicsvision280_firmwareRange<12.38

AND

unitronicsvision280Match-

Node

unitronicsvision290_firmwareRange<12.38

AND

unitronicsvision290Match-

Node

unitronicsvision530_firmwareRange<12.38

AND

unitronicsvision530Match-

Node

unitronicsvision120_firmwareRange<12.38

AND

unitronicsvision120Match-

Node

unitronicsvisilogicRange<9.9.00

Node

unitronicssamba_3.5_firmwareRange<12.38

AND

unitronicssamba_3.5Match-

Node

unitronicssamba_4.3_firmwareRange<12.38

AND

unitronicssamba_4.3Match-

Node

unitronicssamba_7_firmwareRange<12.38

AND

unitronicssamba_7Match-

VendorProductVersionCPE
unitronicsvision1210_firmware*cpe:2.3:o:unitronics:vision1210_firmware:*:*:*:*:*:*:*:*
unitronicsvision1210-cpe:2.3:h:unitronics:vision1210:-:*:*:*:*:*:*:*
unitronicsvision1040_firmware*cpe:2.3:o:unitronics:vision1040_firmware:*:*:*:*:*:*:*:*
unitronicsvision1040-cpe:2.3:h:unitronics:vision1040:-:*:*:*:*:*:*:*
unitronicsvision700_firmware*cpe:2.3:o:unitronics:vision700_firmware:*:*:*:*:*:*:*:*
unitronicsvision700-cpe:2.3:h:unitronics:vision700:-:*:*:*:*:*:*:*
unitronicsvision570_firmware*cpe:2.3:o:unitronics:vision570_firmware:*:*:*:*:*:*:*:*
unitronicsvision570-cpe:2.3:h:unitronics:vision570:-:*:*:*:*:*:*:*
unitronicsvision560_firmware*cpe:2.3:o:unitronics:vision560_firmware:*:*:*:*:*:*:*:*
unitronicsvision560-cpe:2.3:h:unitronics:vision560:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
unitronics	vision1210_firmware	*	cpe:2.3:o:unitronics:vision1210_firmware::::::::
unitronics	vision1210	-	cpe:2.3:h:unitronics:vision1210:-:::::::*
unitronics	vision1040_firmware	*	cpe:2.3:o:unitronics:vision1040_firmware::::::::
unitronics	vision1040	-	cpe:2.3:h:unitronics:vision1040:-:::::::*
unitronics	vision700_firmware	*	cpe:2.3:o:unitronics:vision700_firmware::::::::
unitronics	vision700	-	cpe:2.3:h:unitronics:vision700:-:::::::*
unitronics	vision570_firmware	*	cpe:2.3:o:unitronics:vision570_firmware::::::::
unitronics	vision570	-	cpe:2.3:h:unitronics:vision570:-:::::::*
unitronics	vision560_firmware	*	cpe:2.3:o:unitronics:vision560_firmware::::::::
unitronics	vision560	-	cpe:2.3:h:unitronics:vision560:-:::::::*

Rows per page:

1-10 of 331

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "VisiLogic",
    "vendor": "Unitronics",
    "versions": [
      {
        "lessThan": "9.9.00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]