ICSA-24-109-01 · Published 2024-04-30 · View on CISA ICS-CERT
Unitronics Vision Legacy series (Update A)
CVSS 7.5 (HIGH)
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to log in to the Remote HMI feature, where the PLC may be factory reset, stopped, and restarted.
CVEs (1)
Remediations
- Unitronics recommends users to:
  - Change the default 1111 "Info Mode" password via SI 253.
  - Restrict Ethernet access to PLCs that have an Ethernet card by:
    1. Implementing PLC multi-factor access using SB 314.
    2. Applying a multi-factor VPN to protect the service from remote access.
  - Follow Unitronics published recommendations or contact Unitronics technical support for more information.
- Dragos recommends users to restrict access to the PLC on TCP/20256 by either changing the default programmer port or applying a multi-factor VPN to protect the service from remote access.
Affected Vendors
Unitronics
Affected Products (5)
- Unitronics · Vision 230 (vers:all/*)
- Unitronics · Vision 280 (vers:all/*)
- Unitronics · Vision 290 (vers:all/*)
- Unitronics · Vision 530 (vers:all/*)
- Unitronics · Vision 120 (vers:all/*)
Affected Sectors
Water and Wastewater