CVE-2024-1480 Unitronics CVE debrief

Who should care

Industrial control system operators, OT security teams, manufacturing security personnel, critical infrastructure defenders, and organizations using Unitronics Vision Legacy PLCs in production environments should prioritize assessment and mitigation of this vulnerability.

Technical summary

The Unitronics Vision Legacy series PLCs expose the 'Information Mode' password in plaintext to remote, unauthenticated attackers. This password disclosure vulnerability enables unauthorized individuals to gain administrative access to PLC configuration and operational parameters. The attack requires network access to the PLC, typically via TCP/20256 (default programmer port). The vulnerability affects all versions of five PLC models: Vision 120, 230, 280, 290, and 530. No patch is available; mitigation relies on configuration changes and network access controls.

Defensive priority

HIGH

Recommended defensive actions

• Change the default 'Info Mode' password (1111) via system integer SI 253 on affected PLCs
• Restrict Ethernet access to PLCs with Ethernet cards by implementing PLC multi-factor access using SB 314
• Apply multi-factor VPN protection for remote access to PLC services
• Restrict access to TCP/20256 by changing the default programmer port or applying multi-factor VPN protection
• Follow Unitronics published recommendations or contact Unitronics technical support for additional guidance
• Apply network segmentation to isolate affected PLCs from untrusted networks
• Monitor for unauthorized access attempts on TCP/20256 and PLC management interfaces

Evidence notes

Source: CISA CSAF advisory ICSA-24-109-01. CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. Affected products confirmed via CSAF product tree: Vision 230, 280, 290, 530, 120 (all versions). Vendor mitigations added in Update A (April 30, 2024).

Official resources