Storing passwords in a recoverable format in Unitronics products - CVE-2024-1480
Published: April 19, 2024
Vulnerability identifier: #VU88831
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-1480
CWE-ID: CWE-257
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Unitronics
Affected software:
Vision 230 PLC
Vision 280 PLC
Vision 290 PLC
Vision 530 PLC
Vision 120 PLC
Vision 230 PLC
Vision 280 PLC
Vision 290 PLC
Vision 530 PLC
Vision 120 PLC
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to storing passwords in a recoverable format. A remote attacker can retrieve the "Information Mode" password in plaintext
How to mitigate CVE-2024-1480
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.