CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Dec 18, 2023
High
CISA KEVCVE-2023-6448
Unitronics—Vision PLC and HMI
Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands.
Required Action
Note that while it is possible to change the default password, implementors are encouraged to remove affected controllers from public networks and update the affected firmware: https://downloads.unitronicsplc.com/Sites/plc/Technical_Library/Unitronics-Cybersecurity-Advisory-2023-001-CVE-2023-6448.pdf; https://nvd.nist.gov/vuln/detail/CVE-2023-6448
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Dec 11, 2023
- KEV Added
- Dec 11, 2023
- Due Date
- Dec 18, 2023
- Related Articles
- 0
Vendor
Unitronics
Vision PLC and HMI