#VU84100 Use of default credentials in Unitronics Vision - CVE-2023-6448
Published: December 12, 2023
Vulnerability identifier: #VU84100
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2023-6448
CWE-ID: CWE-1392
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Unitronics Vision
Software vendor:
Unitronics
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists because Unitronics Vision Series PLCs and HMIs ship with a default administrative password that is frequently left unchanged. A remote attacker with network access to the PLC or HMI (for example, a device reachable from the internet) can log in with that password and gain full administrative control over the controller, including its logic and HMI screens.
Note: the vulnerability is being actively exploited in the wild.
Remediation
It is recommended to change the default administrative password as soon as possible. The linked CISA alert additionally recommends that the PLC/HMI not be exposed to the public internet at all: place it behind a firewall or VPN, change the default TCP port 20256 if the device must be remotely reachable, back up the controller logic and configuration, and apply the latest vendor firmware. Changing the password alone does not remove the exposure if the management port remains reachable from untrusted networks.
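The following is an added detection example, not code from the advisory, from CISA or from Unitronics. It scans a few constructed firewall log lines for allowed inbound TCP sessions to a PLC management port whose source lies outside the site's internal address ranges, which is the exposure pattern the advisory describes. Assumptions not stated on this page: the PLC listens on TCP 20256 (the PCOM default named in the linked CISA alert), the log format is a constructed key=value style rather than any vendor's real format, the internal ranges are the RFC 1918 blocks plus loopback, and the function names are hypothetical.

```python
"""
Added example: flag allowed inbound connections to Unitronics PLC/HMI
management ports from addresses outside the internal network.

Assumptions (not from the advisory): PCOM on TCP 20256 per the linked CISA
alert; constructed key=value log lines; RFC 1918 plus loopback treated as
internal; function names are hypothetical.
"""
import ipaddress
import re
from typing import Dict, List

# Hypothetical: management ports a Vision PLC/HMI may expose.
# 20256 is the PCOM default per the CISA alert; extend for your inventory.
PLC_PORTS = {20256}

# Treated as internal. RFC 1918 is listed explicitly rather than relying on
# ipaddress.is_private, so documentation/test addresses count as external.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]

# Constructed sample log (not real traffic); one TCP session per line.
SAMPLE_LOG = """\
ts=2023-11-25T03:12:07Z action=allow proto=tcp src=203.0.113.45 spt=51234 dst=10.10.5.20 dpt=20256
ts=2023-11-25T03:12:09Z action=allow proto=tcp src=10.10.1.15 spt=44521 dst=10.10.5.20 dpt=20256
ts=2023-11-25T03:13:40Z action=allow proto=tcp src=198.51.100.9 spt=60001 dst=10.10.5.20 dpt=443
ts=2023-11-25T03:14:02Z action=deny proto=tcp src=198.51.100.77 spt=40000 dst=10.10.5.21 dpt=20256
ts=2023-11-25T03:15:11Z action=allow proto=tcp src=192.0.2.200 spt=40001 dst=10.10.5.21 dpt=20256
"""

_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, str]:
    """Split one key=value log line into a dict (empty dict for blank/garbage lines)."""
    return dict(_KV.findall(line))


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of INTERNAL_NETS; False for unparsable input."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def find_exposed_plc_sessions(log_text: str, plc_ports=PLC_PORTS) -> List[Dict[str, str]]:
    """Return allowed TCP sessions to a PLC port whose source is not internal.

    Denied sessions are skipped (the firewall already blocked them); an
    allowed session from outside is the condition worth alerting on.
    """
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec:
            continue
        try:
            dpt = int(rec.get("dpt", ""))
        except ValueError:
            continue
        if (rec.get("action") == "allow"
                and rec.get("proto") == "tcp"
                and dpt in plc_ports
                and not is_internal(rec.get("src", ""))):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in find_exposed_plc_sessions(SAMPLE_LOG):
        print(f"{h['ts']} {h['src']} -> {h['dst']}:{h['dpt']} "
              "PLC management port reachable from outside the internal network")
```

Run it against an export of your perimeter firewall's allow log for the OT segment; any hit means the controller is reachable from untrusted networks regardless of whether the default password has been changed. The check deliberately ignores sessions from RFC 1918 sources, so it does not detect an attacker who has already pivoted inside; pair it with the password change and network isolation the remediation calls for.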
External links
- https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
- https://www.waterisac.org/portal/tlpclear-cisa-releases-alert-exploitation-unitronics-plcs-used-water-and-wastewater-systems
- https://www.waterisac.org/portal/tlpclear-water-utility-control-system-cyber-incident-advisory-icsscada-incident-municipal