Unitronics CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Unitronics CVE published 2024-04-18

CVE-2024-1480

A critical vulnerability in Unitronics Vision Legacy series PLCs allows remote, unauthenticated attackers to retrieve the 'Information Mode' password in plaintext. This exposes affected industrial control systems to unauthorized access and potential operational disruption. The vulnerability carries a HIGH severity CVSS 3.1 score of 7.5, reflecting its network attack vector, low complexity, and high confid [truncated]

Known exploited Unitronics CVE published 2023-12-11

CVE-2023-6448

CVE-2023-6448 is a Unitronics Vision PLC and HMI issue involving an insecure default password. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-12-11, with remediation due by 2023-12-18, which makes it a high-priority defensive item for operational technology environments.