unitronics 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥 and バッファオーバーフロー があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き、アプリケーションクラッシュ, and vendor impact memory corruption などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-38435 | Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service | [email protected] | 6.5 | 0.11% | 2024-07-21 | 2025-07-21 |
| CVE-2024-27774 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware | [email protected] | 7.5 | 0.07% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27773 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE | [email protected] | 8.8 | 0.09% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27772 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE | [email protected] | 8.8 | 0.69% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27771 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | [email protected] | 8.8 | 0.16% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27770 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal | [email protected] | 8.8 | 0.15% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27769 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices | [email protected] | 8.8 | 0.10% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27768 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | [email protected] | 9.8 | 0.15% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27767 | CWE-287: Improper Authentication may allow Authentication Bypass | [email protected] | 10.0 | 0.04% | 2024-03-18 | 2025-03-10 |
| CVE-2023-6448 KEV | Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system. | 9119a7d8-5eab-497f-8521-727c672e3725 | 9.8 | 13.29% | 2023-12-05 | 2026-02-26 |
| CVE-2023-2003 | Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device. | [email protected] | 9.1 | 0.37% | 2023-07-13 | 2026-01-08 |
| CVE-2016-4519 | Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. | [email protected] | 9.8 | 9.75% | 2016-06-25 | 2026-05-06 |
| CVE-2015-7939 | Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename. | [email protected] | 9.6 | 1.61% | 2016-01-09 | 2026-05-06 |
| CVE-2015-7905 | Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. | [email protected] | 7.5 | 1.86% | 2015-11-13 | 2026-05-06 |
| CVE-2015-6478 | Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site. | [email protected] | 6.8 | 1.64% | 2015-11-13 | 2026-05-06 |