PT-2024-2275 · Unitronics · Unilogic Studio+2

Published: 2024-03-18 · Updated: 2024-03-18 · CVE-2024-27774

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Unitronics Unistream Unilogic versions prior to 1.35.227

Description

The issue is related to the use of hard-coded passwords, which may allow an attacker to disclose sensitive information embedded inside the device's firmware. This could potentially enable unauthorized access to protected information. The vulnerability is associated with the use of pre-installed credentials in the UniLogic Studio series UniStream programmable logic controllers.

Recommendations

For versions prior to 1.35.227, update to version 1.35.227 or later to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation. Avoid using default or hard-coded passwords in the affected devices until the issue is resolved.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2024-02208
CVE-2024-27774

Affected Products

Unilogic Studio
Unistream
Unilogic