CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Dec 18, 2023
Description
Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which, if left unchanged, can allow attackers to execute remote commands.
EPSS — Exploit Probability
Higher than 94.0% of all CVEs
Required Action
Note that while it is possible to change the default password, implementors are encouraged to remove affected controllers from public networks and update the affected firmware: https://downloads.unitronicsplc.com/Sites/plc/Technical_Library/Unitronics-Cybersecurity-Advisory-2023-001-CVE-2023-6448.pdf; https://nvd.nist.gov/vuln/detail/CVE-2023-6448
Risk Assessment
ELEVATED
- Severity: High
- EPSS: 13.3%
- CISA KEV: Yes
- Ransomware: Unknown
- Articles: 0
Timeline
Published: Dec 11, 2023
Added to KEV: Dec 11, 2023
Remediation Due: Dec 18, 2023