PatchSiren

PatchSiren cyber security CVE debrief

CVE-2023-6448 Unitronics CVE debrief

CVE-2023-6448 is a Unitronics Vision PLC and HMI issue involving an insecure default password. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-12-11, with remediation due by 2023-12-18, which makes it a high-priority defensive item for operational technology environments.

Vendor: Unitronics
Product: Vision PLC and HMI
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2023-12-11
Original CVE updated: 2023-12-11
Advisory published: 2023-12-11
Advisory updated: 2023-12-11

Who should care

OT/ICS owners, plant operators, industrial automation teams, system integrators, and security teams responsible for Unitronics Vision PLC and HMI deployments, especially where controllers may be reachable from public networks.

Technical summary

The publicly supplied record identifies the vulnerability as an insecure default password condition affecting Unitronics Vision PLC and HMI products. CISA classifies it as known exploited and directs defenders to apply vendor mitigations or discontinue use if mitigations are unavailable. CISA notes that, while the default password can be changed, implementors are encouraged to remove affected controllers from public networks and update the affected firmware.

Defensive priority

Urgent. This is a CISA Known Exploited Vulnerability with a short remediation window, so exposed or in-use Unitronics Vision PLC and HMI systems should be assessed and mitigated immediately.

Recommended defensive actions

  • Follow the vendor's cybersecurity advisory guidance for CVE-2023-6448.
  • Change the default password where supported and verify the change was applied.
  • Remove affected controllers from public networks.
  • Update the affected firmware.
  • If mitigations are unavailable, discontinue use of the product as directed by CISA.
  • Prioritize inventory checks to identify any Unitronics Vision PLC and HMI deployments that may still be exposed.
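As an added example written for this debrief (not Unitronics' or CISA's own tooling), the following Python script turns the actions above into a prioritised work list from an asset inventory export. The CSV columns, the yes/no fields, the internal address ranges and the sample rows are constructed assumptions for the example; the script contacts no device, it only ranks what the inventory already records.

```python
"""Added example for this debrief (not Unitronics or CISA tooling): triage an
asset inventory export for CVE-2023-6448 follow-up.

Assumptions (constructed for the example): the inventory is a CSV with the
columns asset_id, vendor, product, ip, default_password_changed and
firmware_updated, where the last two hold "yes"/"no" as recorded by the asset
owner. No device is contacted; this only prioritises the work list.
"""
import csv
import io
import ipaddress

# Constructed sample inventory. TEST-NET documentation addresses stand in for
# publicly routable ones here; a real export would carry real addresses.
SAMPLE_INVENTORY = """asset_id,vendor,product,ip,default_password_changed,firmware_updated
plc-01,Unitronics,Vision V570,203.0.113.10,no,no
plc-02,Unitronics,Vision V130,10.20.30.40,yes,yes
hmi-03,Unitronics,Vision V1210,10.20.30.41,no,yes
sw-04,Siemens,S7-1200,10.20.30.50,yes,yes
plc-05,Unitronics,Vision V700,198.51.100.7,yes,no
"""

# Address ranges treated as internal (assumption). Anything outside them is
# assumed reachable from public networks and gets the "remove" action.
# Python's ip_address().is_global would classify TEST-NET as non-global, so the
# check is written explicitly against RFC 1918 / loopback / link-local / ULA.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

PRIORITY_RANK = {"urgent": 0, "high": 1, "medium": 2}


def is_outside_internal_ranges(ip_text):
    """True if the address parses and falls in none of the internal ranges."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return False  # unparsable: do not assert exposure from bad data
    return not any(addr in net for net in INTERNAL_RANGES)


def is_affected_product(row):
    """Match the product family named in the CVE record: Unitronics Vision PLC/HMI."""
    return (row["vendor"].strip().lower() == "unitronics"
            and "vision" in row["product"].strip().lower())


def outstanding_actions(row):
    """Map the CISA/vendor guidance onto what this asset still needs."""
    actions = []
    if is_outside_internal_ranges(row["ip"]):
        actions.append("remove from public network")
    if row["default_password_changed"].strip().lower() != "yes":
        actions.append("change default password")
    if row["firmware_updated"].strip().lower() != "yes":
        actions.append("update firmware")
    return actions


def priority_for(actions):
    """Reachable plus default password is the worst case; firmware-only is lowest."""
    exposed = "remove from public network" in actions
    default_pw = "change default password" in actions
    if exposed and default_pw:
        return "urgent"
    if exposed or default_pw:
        return "high"
    return "medium"


def triage(inventory_csv):
    """Return affected assets with outstanding work, most urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not is_affected_product(row):
            continue
        actions = outstanding_actions(row)
        if not actions:
            continue  # fully mitigated according to the recorded fields
        findings.append({"asset_id": row["asset_id"].strip(), "ip": row["ip"].strip(),
                         "priority": priority_for(actions), "actions": actions})
    # Stable sort: inventory order is kept within each priority tier.
    findings.sort(key=lambda f: PRIORITY_RANK[f["priority"]])
    return findings


def format_report(findings):
    """One line per asset for a ticket or a daily review."""
    return [f"{f['priority'].upper():7} {f['asset_id']} ({f['ip']}): "
            f"{'; '.join(f['actions'])}" for f in findings]


if __name__ == "__main__":
    for line in format_report(triage(SAMPLE_INVENTORY)):
        print(line)
```

On the constructed rows the report lists plc-01 as urgent (reachable and still on the default password, with firmware outstanding), then hmi-03 and plc-05 as high; plc-02 is dropped because every recorded control is in place, and the Siemens row is not in scope. The "yes"/"no" fields are only as good as the inventory, so the "change the default password and verify the change was applied" step still has to be confirmed on the controller, not inferred from the spreadsheet.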

Evidence notes

The debrief is based on the CISA Known Exploited Vulnerabilities catalog entry for CVE-2023-6448 and the official CVE/NVD records. CISA metadata states the issue is an insecure default password vulnerability for Unitronics Vision PLC and HMI, marks it as known exploited, and advises vendors/implementers to apply mitigations per vendor instructions or discontinue use if mitigations are unavailable. CISA also notes that affected controllers should be removed from public networks and firmware should be updated.

Official resources

This debrief was prepared from official CVE/NVD and CISA KEV source material supplied for CVE-2023-6448.