#VU84100 Use of default credentials in Unitronics Vision - CVE-2023-6448

Cybersecurity Help s.r.o.

Published: 2023-12-12

Vulnerability identifier: #VU84100

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2023-6448

CWE-ID: CWE-1392

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Unitronics Vision
Server applications / SCADA systems

Vendor: Unitronics

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to Unitronics Vision Series PLCs and HMIs use default administrative passwords. A remote attacker with network access to a PLC or HMI can gain administrative control over the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation
It is recommended to change the default administrative password ASAP.

Vulnerable software versions

Unitronics Vision: All versions

External links
http://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
http://www.waterisac.org/portal/tlpclear-cisa-releases-alert-exploitation-unitronics-plcs-used-water-and-wastewater-systems
http://www.waterisac.org/portal/tlpclear-water-utility-control-system-cyber-incident-advisory-icsscada-incident-municipal

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Use of default credentials in Unitronics Vision Series PLCs and HMIs