CVE-2023-6448
Unitronics VisiLogic uses a default administrative password
In short
Unitronics VisiLogic before version 9.9.00 ships with a default administrative password for the Vision and Samba PLCs and HMIs it programs. An attacker who can reach an affected controller over the network can log in with that default, without any valid credentials, and take full administrative control of it.
Technical detail
The weakness is CWE-1188 (Initialization of a Resource with an Insecure Default), not hard-coded credentials: the password is configurable, but VisiLogic versions prior to 9.9.00 leave the well-known default in place. An unauthenticated remote attacker with network access to an affected Vision or Samba PLC/HMI can authenticate with that default administrative password and achieve complete system compromise. CISA added the CVE to its Known Exploited Vulnerabilities catalog after it was used against Unitronics PLCs in water and wastewater systems (alert of 28 November 2023). The vendor advisory and the CISA alert both direct operators to upgrade to VisiLogic 9.9.00, replace the default password (the CISA alert names "1111") with a strong one, and keep the controller's PCOM port (TCP 20256) off the public internet, behind a firewall or VPN.
Summary generated and translated by AI from the official description.
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8, Critical)
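To turn the advisory into a repeatable check, the following is an added example (not Unitronics or CISA code) that triages a controller inventory for this CVE. It assumes each inventory row records the VisiLogic version the controller was last programmed with, whether the default administrative password has been replaced, and whether the controller's PCOM port is reachable from outside the plant; the hosts, models and versions in SAMPLE_INVENTORY are constructed. The version comparison is numeric on purpose, since a lexical comparison would rank "9.10.00" below "9.9.00". TCP 20256 is the PCOM/TCP port named in the CISA alert.

```python
"""Triage an asset inventory for CVE-2023-6448 (Unitronics VisiLogic default
administrative password).

Added example for this page, not Unitronics or CISA code. Assumptions:
inventory rows carry the VisiLogic version the controller was last
programmed with and whether the default administrative password has been
replaced; hosts and versions in SAMPLE_INVENTORY are constructed.
PCOM_PORT is the Unitronics PCOM/TCP port named in the CISA alert.
"""
import socket
from dataclasses import dataclass

FIXED_VERSION = (9, 9, 0)   # VisiLogic 9.9.00, per the vendor advisory
PCOM_PORT = 20256           # Unitronics PCOM over TCP (CISA alert, 2023-11-28)


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.BUILD' into a comparable tuple, padding missing
    components with 0 so that '9.9' == '9.9.00'. Numeric, not lexical,
    so '9.10.00' sorts above '9.9.00'."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable VisiLogic version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_vulnerable_version(text: str) -> bool:
    """True for any VisiLogic release before 9.9.00."""
    return parse_version(text) < FIXED_VERSION


@dataclass
class Controller:
    host: str
    model: str                      # e.g. Vision V570, Samba SM43 (constructed)
    visilogic_version: str
    default_password_changed: bool
    internet_reachable: bool        # PCOM port reachable from outside the plant


def triage(c: Controller) -> tuple[str, str]:
    """Return (severity, reason). The default password is the exploitable
    condition; an old VisiLogic build with a changed password is still a
    patching gap but not the KEV-listed exposure."""
    default_pw = not c.default_password_changed
    outdated = is_vulnerable_version(c.visilogic_version)
    if default_pw and c.internet_reachable:
        return "critical", "default admin password on an internet-reachable PLC (in CISA KEV)"
    if default_pw:
        return "high", "default admin password, reachable from the internal network"
    if outdated:
        return "medium", f"password changed but VisiLogic {c.visilogic_version} < 9.9.00; upgrade"
    return "ok", "VisiLogic >= 9.9.00 and default password replaced"


def pcom_port_open(host: str, timeout: float = 2.0) -> bool:
    """TCP connect check for the PCOM port from the current vantage point.
    A listener only shows the controller accepts VisiLogic/PCOM sessions
    from here; it does not prove the default password is still set."""
    try:
        with socket.create_connection((host, PCOM_PORT), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed inventory; addresses, models and versions are illustrative only.
SAMPLE_INVENTORY = [
    Controller("10.20.30.11", "Vision V570", "9.8.65", False, True),
    Controller("10.20.30.12", "Samba SM43", "9.8.91", False, False),
    Controller("10.20.30.13", "Vision V1210", "9.8.79", True, False),
    Controller("10.20.30.14", "Vision V700", "9.9.00", True, False),
]


def run_triage(inventory: list[Controller]) -> list[tuple[str, str, str]]:
    """Return (host, severity, reason) rows, worst first."""
    order = {"critical": 0, "high": 1, "medium": 2, "ok": 3}
    rows = [(c.host, *triage(c)) for c in inventory]
    return sorted(rows, key=lambda r: order[r[1]])


if __name__ == "__main__":
    for host, severity, reason in run_triage(SAMPLE_INVENTORY):
        print(f"{host:15} {severity:9} {reason}")
```

The port probe is deliberately separate from the triage: a reachable PCOM listener is the exposure the CISA alert warns about, but only the password state tells you whether this CVE applies, so record both in the inventory rather than inferring one from the other.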
Affected products
Unitronics · VisiLogic
References
https://downloads.unitronicsplc.com/Sites/plc/Technical_Library/Unitronics-Cybersecurity-Advisory-2023-001-CVE-2023-6448.pdf
https://downloads.unitronicsplc.com/Sites/plc/Visilogic/Version_Changes-Bug_Reports/VisiLogic%209.9.00%20Version%20changes.pdf
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6448
https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
https://www.unitronicsplc.com/cyber_security_vision-samba/