PT-2023-7495 · Unitronics · Unitronics Vision Series Plcs+2
Published
2023-12-05
·
Updated
2024-06-26
·
CVE-2023-6448
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Unitronics VisiLogic versions prior to 9.9.00
Unitronics Vision Series PLCs and HMIs (affected versions not specified)
Description
Unitronics Vision Series PLCs and HMIs ship with a default administrative password, and VisiLogic versions before 9.9.00 do not require it to be changed during commissioning. An unauthenticated attacker with network access to the device can log in with that default password and take administrative control of the PLC or HMI, including modifying its logic and display. The vulnerability has been exploited in the wild: in November 2023 attackers used it to compromise internet-exposed Unitronics PLCs at a US water utility, and CISA subsequently published an advisory on the campaign, noting that the compromised devices still used the factory default password (1111) and were reachable directly from the internet.
Recommendations
For Unitronics VisiLogic versions prior to 9.9.00, update to version 9.9.00 or later, which no longer lets a device keep the default administrative password.
For Unitronics Vision Series PLCs and HMIs, at the moment, there is no information about a newer device version that contains a fix for this vulnerability. Note that updating VisiLogic alone does not change the password stored on an already deployed device; the password must be set on each PLC and HMI individually. As a workaround, change the default administrative password on every device to a strong, unique value, and verify that no device still accepts the factory default. Restrict access to the devices to only the personnel who need it and limit network access to reduce the attack surface: CISA's advisory additionally recommends disconnecting the PLCs from the public internet, placing them behind a firewall that only permits the engineering network to reach them, changing the default TCP port 20256 used for remote management, requiring a VPN with multi-factor authentication for any remote access, keeping offline backups of device logic and configuration, and applying current firmware.
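The network-restriction part of the recommendations above, as an added example that is not part of this advisory and not Unitronics' code: a small Python audit that runs over firewall or flow records and flags management sessions reaching the PLCs from outside the engineering subnet. It assumes the PLCs listen on TCP 20256 (the default port named in CISA's advisory); the PLC addresses, the engineering subnet and the log lines are constructed for the example, and the `src dst dport` log format is a stand-in for whatever your firewall exports.

```python
"""Audit network flows for management traffic that reaches Unitronics Vision
PLCs from outside the allowed engineering network.

Added example, not code from the advisory or from Unitronics.
Assumptions (constructed for the example):
  - the PLCs accept PCOM over TCP 20256, the default port named in CISA's
    advisory on the 2023 campaign;
  - the PLC addresses, the engineering subnet and the flow records below
    are made up for this example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PCOM_PORT = 20256  # Unitronics default remote-management port (per CISA's advisory)

# Constructed topology: PLCs on an OT subnet, engineering workstations on a
# separate maintenance subnet that is the only permitted PCOM source.
PLC_HOSTS = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}
ENGINEERING_NET = ipaddress.ip_network("10.30.5.0/24")
# Any source outside these RFC 1918 ranges is treated as internet-sourced.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def parse_flow_line(line: str) -> Flow:
    """Parse one 'src dst dport' record from the constructed log format."""
    src, dst, dport = line.split()
    return Flow(src, dst, int(dport))


def classify(flow: Flow) -> Optional[str]:
    """Label a PCOM flow to a PLC that violates the allowlist; None if acceptable."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if dst not in PLC_HOSTS or flow.dport != PCOM_PORT:
        return None  # not PLC management traffic, out of scope for this check
    if not any(src in net for net in INTERNAL_NETS):
        # Internet-reachable PCOM is the exposure behind the 2023 attacks.
        return "internet-exposed"
    if src not in ENGINEERING_NET:
        # Internal but not an engineering workstation: a pivot point for an
        # attacker who already has a foothold in the corporate network.
        return "unauthorised-internal-source"
    return None


def audit(log_text: str) -> List[Tuple[Flow, str]]:
    """Return every (flow, finding) pair for flows that should have been blocked."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow_line(line)
        label = classify(flow)
        if label:
            findings.append((flow, label))
    return findings


# Constructed sample: one legitimate engineering session, one from the
# internet, one from an office subnet that should never speak PCOM, and one
# non-PCOM flow that the check ignores.
SAMPLE_LOG = """\
10.30.5.17 10.20.0.11 20256
203.0.113.45 10.20.0.11 20256
10.40.1.9 10.20.0.12 20256
10.30.5.17 10.20.0.12 443
"""

if __name__ == "__main__":
    for flow, label in audit(SAMPLE_LOG):
        print(f"{label}: {flow.src} -> {flow.dst}:{flow.dport}")
```

Any `internet-exposed` finding means the device is still reachable the way the attacked utility's PLCs were, and should be treated as a likely compromise until the device password and logic have been verified, not merely as a firewall misconfiguration. If you have changed the management port as CISA suggests, set `PCOM_PORT` to the new value and keep a second rule that flags any traffic still arriving on 20256.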
Weakness Type
Use of Hard-coded Credentials (CWE-798)
Affected Products
Unitronics VisiLogic
Unitronics Vision Series HMIs
Unitronics Vision Series PLCs