PT-2024-2272 · Unitronics · Unilogic Studio, Unistream

Published: 2024-03-18 · Updated: 2024-03-18 · CVE-2024-27769

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Unitronics Unistream Unilogic versions prior to 1.35.227

Description

The issue is related to insufficient protection of service data in the UniLogic Studio software for UniStream series programmable logic controllers. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information and elevate their privileges. This may lead to exposure of sensitive information to an unauthorized actor, potentially allowing them to take ownership of devices.

Recommendations

For versions prior to 1.35.227, update to version 1.35.227 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-02205
CVE-2024-27769

Affected Products

Unilogic Studio
Unistream