CVE-2023-6448 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cisa-cg	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Vendor	Product	Version
unitronics	vision1210_firmware	𝑥 < 12.38
unitronics	vision1040_firmware	𝑥 < 12.38
unitronics	vision700_firmware	𝑥 < 12.38
unitronics	vision570_firmware	𝑥 < 12.38
unitronics	vision560_firmware	𝑥 < 12.38
unitronics	vision430_firmware	𝑥 < 12.38
unitronics	vision350_firmware	𝑥 < 12.38
unitronics	vision130_firmware	𝑥 < 12.38
unitronics	vision230_firmware	𝑥 < 12.38
unitronics	vision280_firmware	𝑥 < 12.38
unitronics	vision290_firmware	𝑥 < 12.38
unitronics	vision530_firmware	𝑥 < 12.38
unitronics	vision120_firmware	𝑥 < 12.38
unitronics	visilogic	𝑥 < 9.9.00
unitronics	samba_3.5_firmware	𝑥 < 12.38
unitronics	samba_4.3_firmware	𝑥 < 12.38
unitronics	samba_7_firmware	𝑥 < 12.38

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-1188 - Insecure Default Initialization of Resource
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
CWE-798 - Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

https://downloads.unitronicsplc.com/Sites/plc/Technical_Library/Unitronics-Cybersecurity-Advisory-2023-001-CVE-2023-6448.pdf

https://downloads.unitronicsplc.com/Sites/plc/Visilogic/Version_Changes-Bug_Reports/VisiLogic%209.9.00%20Version%20changes.pdf

https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems

https://www.unitronicsplc.com/cyber_security_vision-samba/

https://downloads.unitronicsplc.com/Sites/plc/Technical_Library/Unitronics-Cybersecurity-Advisory-2023-001-CVE-2023-6448.pdf

https://downloads.unitronicsplc.com/Sites/plc/Visilogic/Version_Changes-Bug_Reports/VisiLogic%209.9.00%20Version%20changes.pdf

https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems

https://www.unitronicsplc.com/cyber_security_vision-samba/