VYPR
Vendor

Unitronics

Products
6
CVEs
17
Across products
17
Status
Private

Products

6

Recent CVEs

17
  • CVE-2016-4519CriJun 25, 2016
    risk 0.64cvss 9.8epss 0.04

    Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.

  • CVE-2015-7939CriJan 9, 2016
    risk 0.63cvss 9.6epss 0.05

    Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.

  • CVE-2024-38434MedJul 21, 2024
    risk 0.42cvss 6.5epss 0.00

    Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass

  • CVE-2023-6448KEVDec 5, 2023
    risk 0.13cvss epss 0.02

    Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.

  • CVE-2024-38435Jul 21, 2024
    risk 0.00cvss epss 0.00

    Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service

  • CVE-2024-27774Mar 18, 2024
    risk 0.00cvss epss 0.00

    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware

  • CVE-2024-27773Mar 18, 2024
    risk 0.00cvss epss 0.00

    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE

  • CVE-2024-27772Mar 18, 2024
    risk 0.00cvss epss 0.02

    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE

  • CVE-2024-27771Mar 18, 2024
    risk 0.00cvss epss 0.01

    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE

  • CVE-2024-27770Mar 18, 2024
    risk 0.00cvss epss 0.01

    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal

  • CVE-2024-27769Mar 18, 2024
    risk 0.00cvss epss 0.01

    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices

  • CVE-2024-27768Mar 18, 2024
    risk 0.00cvss epss 0.01

    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE

  • CVE-2024-27767Mar 18, 2024
    risk 0.00cvss epss 0.01

    CWE-287: Improper Authentication may allow Authentication Bypass

  • CVE-2023-2003Jul 13, 2023
    risk 0.00cvss epss 0.01

    Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed…

  • CVE-2015-7905Nov 13, 2015
    risk 0.00cvss epss 0.05

    Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.

  • CVE-2015-6478Nov 13, 2015
    risk 0.00cvss epss 0.02

    Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.

  • CVE-2011-5086Apr 18, 2012
    risk 0.00cvss epss 0.02

    https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site.