Aggregates CVE and security vulnerability intelligence across all unitronics-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk path handling and vendor risk buffer overflow, with potential vendor impact file overwrite and vendor impact application crash across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-38435 | Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service | [email protected] | 6.5 | 0.11% | 2024-07-21 | 2025-07-21 |
| CVE-2024-27774 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware | [email protected] | 7.5 | 0.07% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27773 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE | [email protected] | 8.8 | 0.09% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27772 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE | [email protected] | 8.8 | 0.69% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27771 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | [email protected] | 8.8 | 0.16% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27770 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal | [email protected] | 8.8 | 0.15% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27769 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices | [email protected] | 8.8 | 0.10% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27768 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | [email protected] | 9.8 | 0.15% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27767 | CWE-287: Improper Authentication may allow Authentication Bypass | [email protected] | 10.0 | 0.04% | 2024-03-18 | 2025-03-10 |
| CVE-2023-6448 KEV | Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system. | 9119a7d8-5eab-497f-8521-727c672e3725 | 9.8 | 13.29% | 2023-12-05 | 2026-02-26 |
| CVE-2023-2003 | Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device. | [email protected] | 9.1 | 0.37% | 2023-07-13 | 2026-01-08 |
| CVE-2016-4519 | Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. | [email protected] | 9.8 | 9.75% | 2016-06-25 | 2026-05-06 |
| CVE-2015-7939 | Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename. | [email protected] | 9.6 | 1.61% | 2016-01-09 | 2026-05-06 |
| CVE-2015-7905 | Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. | [email protected] | 7.5 | 1.86% | 2015-11-13 | 2026-05-06 |
| CVE-2015-6478 | Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site. | [email protected] | 6.8 | 1.64% | 2015-11-13 | 2026-05-06 |