Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unitronics | visilogic_oplc_ide | * |
Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unitronics | visilogic_oplc_ide | * |
Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unitronics | visilogic_oplc_ide | * |
Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unitronics | visilogic_oplc_ide | * |
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| 9119a7d8-5eab-497f-8521-727c672e3725 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unitronics | vision570_firmware | - |
| unitronics | vision230_firmware | - |
| unitronics | vision1040_firmware | - |
| unitronics | vision560_firmware | - |
| unitronics | vision290_firmware | * |
| unitronics | vision530_firmware | - |
| unitronics | samba_7_firmware | * |
| unitronics | vision130_firmware | - |
| unitronics | vision530_firmware | * |
| unitronics | vision120_firmware | - |
| unitronics | vision1040_firmware | * |
| unitronics | vision430_firmware | * |
| unitronics | samba_4.3_firmware | * |
| unitronics | vision700_firmware | * |
| unitronics | vision700_firmware | - |
| unitronics | vision570_firmware | * |
| unitronics | vision1210_firmware | * |
| unitronics | vision430_firmware | - |
| unitronics | vision280_firmware | - |
| unitronics | vision130_firmware | * |
| unitronics | vision280_firmware | * |
| unitronics | vision350_firmware | * |
| unitronics | vision560_firmware | * |
| unitronics | vision1210_firmware | - |
| unitronics | vision350_firmware | - |
| unitronics | vision290_firmware | - |
| unitronics | visilogic | * |
| unitronics | samba_3.5_firmware | * |
| unitronics | vision230_firmware | * |
| unitronics | vision120_firmware | * |
Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@cyber.gov.il | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unitronics | visilogic | * |
| unitronics | vision_plc | * |