汇总 unitronics 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 路径处理缺陷与缓冲区溢出,在 生产负载与软件部署 使用场景中可能带来 文件覆盖、应用崩溃与内存损坏 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2024-38435 | Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service | [email protected] | 6.5 | 0.44% | 2024-07-21 | 2025-07-21 |
| CVE-2024-27774 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware | [email protected] | 7.5 | 0.43% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27773 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE | [email protected] | 8.8 | 0.36% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27772 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE | [email protected] | 8.8 | 1.73% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27771 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | [email protected] | 8.8 | 0.81% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27770 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal | [email protected] | 8.8 | 0.79% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27769 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices | [email protected] | 8.8 | 0.71% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27768 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | [email protected] | 9.8 | 0.85% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27767 | CWE-287: Improper Authentication may allow Authentication Bypass | [email protected] | 10.0 | 0.68% | 2024-03-18 | 2025-03-10 |
| CVE-2023-6448 KEV | Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system. | 9119a7d8-5eab-497f-8521-727c672e3725 | 9.8 | 2.09% | 2023-12-05 | 2026-02-26 |
| CVE-2023-2003 | Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device. | [email protected] | 9.1 | 0.91% | 2023-07-13 | 2026-01-08 |
| CVE-2016-4519 | Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. | [email protected] | 9.8 | 4.50% | 2016-06-25 | 2026-05-06 |
| CVE-2015-7939 | Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename. | [email protected] | 9.6 | 4.96% | 2016-01-09 | 2026-05-06 |
| CVE-2015-7905 | Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. | [email protected] | 7.5 | 4.73% | 2015-11-13 | 2026-05-06 |
| CVE-2015-6478 | Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site. | [email protected] | 6.8 | 1.64% | 2015-11-13 | 2026-05-06 |