ICSA-23-348-15  ·  Published 2024-01-04  ·  View on CISA ICS-CERT ↗

Unitronics Vision and Samba Series (Update A)

CVSS 9.8 CRITICAL CISA KEV — Known Exploited

Risk Summary

Successful exploitation of this vulnerability could allow an unauthenticated attacker to take administrative control of Unitronics Vision and Samba series systems by using the default administrative password.

CVEs (1)

Remediations

  • Unitronics has patched this vulnerability in VisiLogic version 9.9.00 and recommends all users update to the latest version. Please see Unitronics' update log for more information.
  • For users who cannot update to the latest version, CISA urges organizations to:
      • Change all default passwords on PLCs and HMIs and use a strong password. Ensure the Unitronics PLC default password "1111" is not in use.
      • Set a password on PCOM-enabled sockets.
      • Control remotely enabled PCOM operations using SDW10 roles.
      • Disconnect the PLC from the open internet. If remote access is necessary, control network access to the PLC.
      • Implement a firewall/VPN in front of the PLC to control network access to the remote PLC. A VPN or gateway device can enable multifactor authentication for remote access even if the PLC itself does not support it. Unitronics also offers a secure cellular-based long-haul transport device that connects securely to its cloud services.
      • Use an allowlist of IPs for access.
      • Back up the logic and configurations on all Unitronics PLCs to enable fast recovery. Become familiar with the process for factory resetting a device and redeploying its configuration in the event of a ransomware incident.
      • If possible, use a TCP port other than the default TCP 20256. Cyber actors are actively targeting TCP 20256 after identifying it through network probing as a port associated with Unitronics PLCs. Once identified, they use scripts specific to PCOM/TCP to query and validate the system, allowing further probing and connection. If available, use PCOM/TCP filters to parse out the packets.
      • Keep Unitronics and other PLC devices updated with the latest versions from the manufacturer.
      • Confirm that third-party vendors are applying the above countermeasures to mitigate exposure of these devices and all installed equipment.
  • CISA and WWS Sector partners have developed numerous tools and resources that water utilities can use to increase their cybersecurity. Please visit:
      • CISA: Water and Wastewater Cybersecurity
      • EPA: Cybersecurity for the Water Sector
      • WaterISAC: Resource Center
      • American Water Works Association: Cybersecurity and Guidance
  • More information can be found in the Unitronics advisory.
  • CISA has also provided further guidance in the following CSA.
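As an added illustration of the allowlist and port-probing points above (example code, not part of the CISA or Unitronics advisory), the script below runs over constructed firewall log lines and reports two things a defender would want: accepted connections to the PCOM/TCP port from sources outside the allowlist, and any source that touched several PLCs on that port, which is the probing pattern the advisory describes. The log format, the allowlist network and all addresses are assumptions, not any vendor's real syslog syntax.

```python
import ipaddress
import re

# Default PCOM/TCP port named in the advisory; pass a different port if the PLC was moved.
PCOM_TCP_PORT = 20256

# Constructed allowlist of approved remote-access sources (e.g. the VPN gateway). Assumption.
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed firewall log lines in a simple key=value shape (assumption, not a real vendor format).
SAMPLE_LOG = """\
2024-01-04T10:00:01Z action=accept src=198.51.100.7 dst=10.0.5.20 proto=tcp dport=20256
2024-01-04T10:00:05Z action=accept src=203.0.113.9 dst=10.0.5.20 proto=tcp dport=20256
2024-01-04T10:00:06Z action=accept src=203.0.113.9 dst=10.0.5.21 proto=tcp dport=20256
2024-01-04T10:00:07Z action=accept src=203.0.113.9 dst=10.0.5.22 proto=tcp dport=20256
2024-01-04T10:00:09Z action=accept src=10.0.1.15 dst=10.0.5.20 proto=tcp dport=502
2024-01-04T10:00:12Z action=drop src=192.0.2.44 dst=10.0.5.20 proto=tcp dport=20256
"""

LINE_RE = re.compile(
    r"action=(?P<action>\w+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=tcp dport=(?P<dport>\d+)"
)


def is_allowlisted(src):
    """True if the source address falls inside one of the approved networks."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in ALLOWLIST)


def find_pcom_exposure(log_text, port=PCOM_TCP_PORT):
    """Return (accepted, scanners).

    accepted: (src, dst) pairs the firewall let through to the PCOM port from
              sources that are not on the allowlist.
    scanners: sources that contacted two or more distinct PLCs on the PCOM port,
              whether accepted or dropped, i.e. the probing pattern in the advisory.
    """
    accepted = []
    targets_by_src = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dport"]) != port:
            continue
        src, dst = m["src"], m["dst"]
        targets_by_src.setdefault(src, set()).add(dst)
        if m["action"] == "accept" and not is_allowlisted(src):
            accepted.append((src, dst))
    scanners = sorted(s for s, dsts in targets_by_src.items() if len(dsts) >= 2)
    return accepted, scanners


if __name__ == "__main__":
    hits, probes = find_pcom_exposure(SAMPLE_LOG)
    print("accepted from non-allowlisted sources:", hits)
    print("sources probing multiple PLCs:", probes)
```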

Affected Vendors

Unitronics

Affected Products (2)

Unitronics · VisiLogic <9.9.00
Unitronics · OS <12.38

Affected Sectors

Water and Wastewater
