Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
CVSS
6.5
MEDIUM
Published
Jul 21, 2024
Loading
Vendor coverage
Track published CVEs, severity trends, and remediation context for unitronics products.
Search results
Showing 1-15 of 15 vulnerabilities.
Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
CVSS
6.5
MEDIUM
Published
Jul 21, 2024
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware
CVSS
7.5
HIGH
Published
Mar 18, 2024
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE
CVSS
8.8
HIGH
Published
Mar 18, 2024
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE
CVSS
8.8
HIGH
Published
Mar 18, 2024
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE
CVSS
8.8
HIGH
Published
Mar 18, 2024
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal
CVSS
8.8
HIGH
Published
Mar 18, 2024
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices
CVSS
8.8
HIGH
Published
Mar 18, 2024
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE
CVSS
9.8
CRITICAL
Published
Mar 18, 2024
CWE-287: Improper Authentication may allow Authentication Bypass
CVSS
10.0
CRITICAL
Published
Mar 18, 2024
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
CVSS
9.8
CRITICAL
Published
Dec 5, 2023
Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.
CVSS
9.1
CRITICAL
Published
Jul 13, 2023
Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.
CVSS
9.8
CRITICAL
Published
Jun 25, 2016
Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.
CVSS
9.6
CRITICAL
Published
Jan 9, 2016
Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.
CVSS
7.5
UNKNOWN
Published
Nov 13, 2015
Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.
CVSS
6.8
UNKNOWN
Published
Nov 13, 2015