MidnightBSD

Advisories for unitronics

CVE-2015-6478 MEDIUM

Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284

Products Affected

Vendor Product Version
unitronics visilogic_oplc_ide *

CVE-2015-7905 HIGH

Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94

Products Affected

Vendor Product Version
unitronics visilogic_oplc_ide *

CVE-2015-7939 HIGH

Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
unitronics visilogic_oplc_ide *

CVE-2016-4519 HIGH

Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
unitronics visilogic_oplc_ide *

CVE-2023-6448

Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
9119a7d8-5eab-497f-8521-727c672e3725 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
unitronics vision570_firmware -
unitronics vision230_firmware -
unitronics vision1040_firmware -
unitronics vision560_firmware -
unitronics vision290_firmware *
unitronics vision530_firmware -
unitronics samba_7_firmware *
unitronics vision130_firmware -
unitronics vision530_firmware *
unitronics vision120_firmware -
unitronics vision1040_firmware *
unitronics vision430_firmware *
unitronics samba_4.3_firmware *
unitronics vision700_firmware *
unitronics vision700_firmware -
unitronics vision570_firmware *
unitronics vision1210_firmware *
unitronics vision430_firmware -
unitronics vision280_firmware -
unitronics vision130_firmware *
unitronics vision280_firmware *
unitronics vision350_firmware *
unitronics vision560_firmware *
unitronics vision1210_firmware -
unitronics vision350_firmware -
unitronics vision290_firmware -
unitronics visilogic *
unitronics samba_3.5_firmware *
unitronics vision230_firmware *
unitronics vision120_firmware *

CVE-2024-38435

Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@cyber.gov.il 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
unitronics visilogic *
unitronics vision_plc *