Unitronics
Products (6)
- 8 CVEs
- 4 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (17)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4519 | | Cri | 0.64 | 9.8 | 0.04 | | Jun 25, 2016 | Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. |
| CVE-2015-7939 | | Cri | 0.63 | 9.6 | 0.05 | | Jan 9, 2016 | Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename. |
| CVE-2024-38434 | | Med | 0.42 | 6.5 | 0.00 | | Jul 21, 2024 | Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass |
| CVE-2023-6448 | | | 0.13 | — | 0.02 | KEV | Dec 5, 2023 | Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system. |
| CVE-2024-38435 | | | 0.00 | — | 0.00 | | Jul 21, 2024 | Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service |
| CVE-2024-27774 | | | 0.00 | — | 0.00 | | Mar 18, 2024 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware |
| CVE-2024-27773 | | | 0.00 | — | 0.00 | | Mar 18, 2024 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE |
| CVE-2024-27772 | | | 0.00 | — | 0.02 | | Mar 18, 2024 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE |
| CVE-2024-27771 | | | 0.00 | — | 0.01 | | Mar 18, 2024 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE |
| CVE-2024-27770 | | | 0.00 | — | 0.01 | | Mar 18, 2024 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal |
| CVE-2024-27769 | | | 0.00 | — | 0.01 | | Mar 18, 2024 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices |
| CVE-2024-27768 | | | 0.00 | — | 0.01 | | Mar 18, 2024 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE |
| CVE-2024-27767 | | | 0.00 | — | 0.01 | | Mar 18, 2024 | CWE-287: Improper Authentication may allow Authentication Bypass |
| CVE-2023-2003 | | | 0.00 | — | 0.01 | | Jul 13, 2023 | Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed… |
| CVE-2015-7905 | | | 0.00 | — | 0.05 | | Nov 13, 2015 | Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. |
| CVE-2015-6478 | | | 0.00 | — | 0.02 | | Nov 13, 2015 | Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site. |
| CVE-2011-5086 | | | 0.00 | — | 0.02 | | Apr 18, 2012 | https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site. |