Vulnerability identifier: #VU84100

Vulnerability risk: Critical

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-6448

CWE-ID: CWE-1392

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Unitronics Vision
Server applications / SCADA systems

Vendor: Unitronics

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to Unitronics Vision Series PLCs and HMIs use default administrative passwords. A remote attacker with network access to a PLC or HMI can gain administrative control over the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation
It is recommended to change the default administrative password ASAP.

Vulnerable software versions

Unitronics Vision: All versions

---

External links
http://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems
http://www.waterisac.org/portal/tlpclear-cisa-releases-alert-exploitation-unitronics-plcs-used-water-and-wastewater-systems
http://www.waterisac.org/portal/tlpclear-water-utility-control-system-cyber-incident-advisory-icsscada-incident-municipal

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.