CVE-2023-6448

Summary

Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.

Affected Software

VendorProductVersion RangeStatus
UnitronicsVisiLogic0 < 9.9.00affected

Weaknesses

  • CWE-1188: CWE-1188 Insecure Default Initialization of Resource

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References