Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
Conclusion & alert: CVE-2023-6448 is rated Critical Active Threat (100/100): CVSS Critical severity, with high exploitation likelihood (EPSS 13.29%, 94th percentile). Core evidence: CISA KEV confirms active exploitation (added 2023-12-11) affecting Unitronics / Vision PLC and HMI. a weakness (CWE-1188) Unauthenticated remote administrative access may be possible. EPSS rose +3.03% over the last day, indicating growing attacker interest. Mandatory action: The CISA remediation deadline has passed—treat as an emergency patch priority.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
: Unitronics Vision PLC and HMI Insecure Default Password Vulnerability · CISA KEV detail
: 2023-12-11
: 2023-12-18
: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-12-23 | 10.26% | 13.29% | +3.03% |
| 2 | 2025-11-21 | 20.43% | 10.26% | -10.17% |
| 3 | 2025-11-18 | — | 20.43% | — |
Full EPSS history (27 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | 9119a7d8-5eab-497f-8521-727c672e3725 |
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| unitronics | vision1210_firmware | < 12.38 | cpe:2.3:o:unitronics:vision1210_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision1040_firmware | < 12.38 | cpe:2.3:o:unitronics:vision1040_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision700_firmware | < 12.38 | cpe:2.3:o:unitronics:vision700_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision570_firmware | < 12.38 | cpe:2.3:o:unitronics:vision570_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision560_firmware | < 12.38 | cpe:2.3:o:unitronics:vision560_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision430_firmware | < 12.38 | cpe:2.3:o:unitronics:vision430_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision350_firmware | < 12.38 | cpe:2.3:o:unitronics:vision350_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision130_firmware | < 12.38 | cpe:2.3:o:unitronics:vision130_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision230_firmware | < 12.38 | cpe:2.3:o:unitronics:vision230_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision280_firmware | < 12.38 | cpe:2.3:o:unitronics:vision280_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision290_firmware | < 12.38 | cpe:2.3:o:unitronics:vision290_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision530_firmware | < 12.38 | cpe:2.3:o:unitronics:vision530_firmware:*:*:*:*:*:*:*:* |
| unitronics | vision120_firmware | < 12.38 | cpe:2.3:o:unitronics:vision120_firmware:*:*:*:*:*:*:*:* |
| unitronics | visilogic | < 9.9.00 | cpe:2.3:a:unitronics:visilogic:*:*:*:*:*:*:*:* |
| unitronics | samba_3.5_firmware | < 12.38 | cpe:2.3:o:unitronics:samba_3.5_firmware:*:*:*:*:*:*:*:* |
| unitronics | samba_4.3_firmware | < 12.38 | cpe:2.3:o:unitronics:samba_4.3_firmware:*:*:*:*:*:*:*:* |
| unitronics | samba_7_firmware | < 12.38 | cpe:2.3:o:unitronics:samba_7_firmware:*:*:*:*:*:*:*:* |