External risk intelligence

Unitronics PLC and HMI Default Password Risk

CVE advisory | Known Exploit

CVE-2023-6448

Unitronics VisiLogic software used in Vision and Samba PLCs and HMIs has a default administrative password vulnerability. Unauthenticated attackers with network access can gain administrative control, potentially disrupting operations and accessing data. This poses a business risk to affected organizations.

Halo Surface Signal: 2

Unitronics Vision1210 Firmware

before 12.38; before 9.9.00

External exposure likelihood

Halo Surface Signal score for CVE-2023-6448

This CVE involves industrial control PLCs and HMI devices. While these systems can be network-reachable, they are typically deployed in isolated industrial or internal operational technology networks rather than being public-internet-facing by design. Public internet exposure for these devices is considered uncommon and contrary to standard deployment practices.

Horizon Alert

Summary of the vulnerability and why it matters

The Unitronics VisiLogic software, utilized in Vision and Samba PLCs and HMIs, is susceptible to a vulnerability stemming from the use of a default administrative password. An attacker who can access the system over a network, without prior authentication, could gain administrative control. This could lead to significant disruption of operational processes and potential unauthorized access to sensitive system information.

  • Vulnerable Unitronics software and hardware
  • Exploitation of default administrative password
  • Unauthorized system control and data access

Attack Path

How an attacker could exploit the issue

Attackers can exploit a default administrative password to gain unauthorized administrative control over vulnerable Unitronics Vision and Samba PLCs and HMIs. This access allows for manipulation of the system's functions and data. The exploit does not require any specific user interaction or prior authentication.

  • Network-accessible systems are exposed.
  • Unauthenticated attackers gain access.
  • Control is taken, impacting operations.

Live Threat

Current exploitation, exposure, and threat context

The identified vulnerability in Unitronics VisiLogic, affecting Vision and Samba PLCs and HMIs, presents a significant security risk. Attackers with network access can exploit a default administrative password to gain full administrative control of vulnerable systems. This unauthorized access could lead to disruption of industrial operations, data manipulation, or system compromise, posing a considerable business risk. Given the potential for widespread impact on operational technology environments, this vulnerability warrants urgent attention.

  • Likely attacker skill level: Low.
  • Required access or conditions: Network access.
  • Business risk or urgency: High.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in Unitronics VisiLogic, Vision, and Samba devices allows an unauthenticated attacker with network access to gain administrative control. The issue stems from the use of a default administrative password. Successful exploitation could lead to a compromise of the affected systems.

  • Identify exposed Unitronics assets.
  • Isolate or reduce exposure of affected systems.
  • Apply vendor fix and validate.
  • Monitor for related issues.
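An added example, not part of the original advisory: a triage pass over an asset inventory that orders the identify, isolate and patch steps above by urgency. The inventory columns, asset names and priority labels are assumptions, as is the mapping of the advisory's 9.9.00 bound to VisiLogic and its 12.38 bound to Vision1210 firmware.

```python
import csv
import io

# Advisory bounds; assumption: 9.9.00 = VisiLogic, 12.38 = Vision1210 firmware.
FIXED = {"visilogic": (9, 9, 0), "vision1210_firmware": (12, 38, 0)}

# Constructed sample inventory: asset names, column names and versions are illustrative.
SAMPLE_INVENTORY = """\
asset,component,version,internet_reachable
pump-station-1,vision1210_firmware,12.20,yes
eng-workstation-3,visilogic,9.8.65,no
booster-2,vision1210_firmware,12.38,no
lab-hmi,vision1210_firmware,,yes
spare-plc,vision1210_firmware,unknown,no
"""

def parse_version(text):
    """'9.9.00' -> (9, 9, 0); None when the field is empty or not numeric."""
    try:
        parts = [int(p) for p in text.strip().split(".")]
    except ValueError:
        return None
    return tuple(parts + [0] * (3 - len(parts)))

def is_vulnerable(component, version):
    """True below the fixed bound, False at or above it, None when undecidable."""
    bound = FIXED.get(component.strip().lower())
    parsed = parse_version(version)
    return None if bound is None or parsed is None else parsed < bound

def triage(inventory_csv):
    """Return (asset, priority) pairs, most urgent first."""
    rank = ["P1 isolate now", "P2 patch", "P3 verify version", "OK"]
    rows = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        vulnerable = is_vulnerable(row["component"], row["version"])
        exposed = row["internet_reachable"].strip().lower() == "yes"
        if vulnerable is False:
            priority = "OK"
        elif exposed:  # known-vulnerable or unknown version, reachable from outside
            priority = "P1 isolate now"
        else:
            priority = "P2 patch" if vulnerable else "P3 verify version"
        rows.append((row["asset"], priority))
    return sorted(rows, key=lambda r: rank.index(r[1]))

if __name__ == "__main__":
    print("\n".join(f"{p:18} {a}" for a, p in triage(SAMPLE_INVENTORY)))
```

An asset whose version cannot be read is treated as unconfirmed rather than safe, so an exposed device with a blank version field still lands in the top tier.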

Frequently asked questions

What is Unitronics VisiLogic software and its role in industrial automation?

Unitronics VisiLogic is the programming software used to configure and manage Unitronics Vision and Samba series PLCs and HMIs. These devices are integral to controlling and monitoring automated processes within industrial settings, facilitating efficient operations.

How does CVE-2023-6448 compromise Unitronics devices?

CVE-2023-6448 is a default-password vulnerability (CWE-798). Certain versions of Unitronics VisiLogic, and the industrial devices they manage, often retain a default administrative password, which allows unauthenticated attackers with network access to gain administrative control.

What is the attack vector for CVE-2023-6448 and what systems are affected?

The attack vector for CVE-2023-6448 is the network (AV:N), requiring no prior authentication (PR:N) or user interaction (UI:N). This affects Unitronics Vision and Samba series PLCs and HMIs running vulnerable versions of VisiLogic software.

What is the relevance of CVE-2023-6448 to industrial control systems?

CVE-2023-6448 is highly relevant to industrial control systems as it allows unauthenticated attackers with network access to gain administrative control over Unitronics Vision and Samba PLCs/HMIs. This could lead to significant disruption of critical infrastructure operations.

What steps should be taken to address the Unitronics VisiLogic vulnerability?

To address this vulnerability, organizations should identify exposed Unitronics assets, isolate affected systems from public networks, and apply vendor-provided updates for VisiLogic software and device firmware. Monitoring for suspicious activity is also recommended.
