Filtered by vendor Unitronics
Subscribe
Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6448 | 1 Unitronics | 33 Samba 3.5, Samba 3.5 Firmware, Samba 4.3 and 30 more | 2026-02-26 | N/A | 9.8 CRITICAL |
|
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
|
|||||
| CVE-2023-2003 | 1 Unitronics | 2 Vision1210, Vision1210 Firmware | 2026-01-08 | N/A | 9.1 CRITICAL |
|
Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.
|
|||||
| CVE-2024-38435 | 1 Unitronics | 1 Visilogic | 2025-07-21 | N/A | 6.5 MEDIUM |
|
Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service
|
|||||
| CVE-2015-7905 | 1 Unitronics | 1 Visilogic Oplc Ide | 2025-04-12 | 7.5 HIGH | N/A |
|
Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.
|
|||||
| CVE-2016-4519 | 1 Unitronics | 1 Visilogic Oplc Ide | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.
|
|||||
| CVE-2015-7939 | 1 Unitronics | 1 Visilogic Oplc Ide | 2025-04-12 | 9.3 HIGH | 9.6 CRITICAL |
|
Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.
|
|||||
| CVE-2015-6478 | 1 Unitronics | 1 Visilogic Oplc Ide | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.
|
|||||
| CVE-2024-27774 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 7.5 HIGH |
|
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware
|
|||||
| CVE-2024-27773 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 8.8 HIGH |
|
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-348: Use of Less Trusted Source may allow RCE
|
|||||
| CVE-2024-27772 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 8.8 HIGH |
|
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-78: 'OS Command Injection' may allow RCE
|
|||||
| CVE-2024-27771 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 8.8 HIGH |
|
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-22: 'Path Traversal' may allow RCE
|
|||||
| CVE-2024-27770 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 8.8 HIGH |
|
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-23: Relative Path Traversal
|
|||||
| CVE-2024-27769 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 8.8 HIGH |
|
Unitronics Unistream Unilogic – Versions prior to 1.35.227 -
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices
|
|||||
| CVE-2024-27768 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 9.8 CRITICAL |
|
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE
|
|||||
| CVE-2024-27767 | 1 Unitronics | 1 Unilogic | 2025-03-10 | N/A | 10.0 CRITICAL |
|
CWE-287: Improper Authentication may allow Authentication Bypass
|
|||||