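This page aggregates CVE and security vulnerability intelligence for all Unitronics-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include path-handling flaws and buffer overflows, which in production-workload and software-deployment scenarios can lead to risks such as file overwrite, application crashes, and memory corruption.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and patching priority.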
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-38435 | Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service | [email protected] | 6.5 | 0.11% | 2024-07-21 | 2025-07-21 |
| CVE-2024-27774 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware | [email protected] | 7.5 | 0.07% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27773 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE | [email protected] | 8.8 | 0.09% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27772 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE | [email protected] | 8.8 | 0.69% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27771 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | [email protected] | 8.8 | 0.16% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27770 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal | [email protected] | 8.8 | 0.15% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27769 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices | [email protected] | 8.8 | 0.10% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27768 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | [email protected] | 9.8 | 0.15% | 2024-03-18 | 2025-03-10 |
| CVE-2024-27767 | CWE-287: Improper Authentication may allow Authentication Bypass | [email protected] | 10.0 | 0.04% | 2024-03-18 | 2025-03-10 |
| CVE-2023-6448 KEV | Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system. | 9119a7d8-5eab-497f-8521-727c672e3725 | 9.8 | 13.29% | 2023-12-05 | 2026-02-26 |
| CVE-2023-2003 | Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device. | [email protected] | 9.1 | 0.37% | 2023-07-13 | 2026-01-08 |
| CVE-2016-4519 | Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file. | [email protected] | 9.8 | 9.75% | 2016-06-25 | 2026-05-06 |
| CVE-2015-7939 | Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename. | [email protected] | 9.6 | 1.61% | 2016-01-09 | 2026-05-06 |
| CVE-2015-7905 | Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. | [email protected] | 7.5 | 1.86% | 2015-11-13 | 2026-05-06 |
| CVE-2015-6478 | Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site. | [email protected] | 6.8 | 1.64% | 2015-11-13 | 2026-05-06 |