Critical Vulnerabilities in Unitronics Products

Published on 20 Mar 2024

Unitronics has released security updates to address critical vulnerabilities (CVE-2024-27767 and CVE-2024-27768) affecting its UniStream UniLogic software, an interface for programming and configuring UniStream devices.

The critical vulnerabilities are:

  • CVE-2024-27767: Successful exploitation of the vulnerability could allow an attacker to bypass authentication. This vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10.
  • CVE-2024-27768: Successful exploitation of the vulnerability could allow an attacker to perform remote code execution. This vulnerability has a CVSSv3 score of 9.8 out of 10.

The critical vulnerabilities affect UniStream OS versions prior to 1.35.227.

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://downloads.unitronicsplc.com/Sites/plc/Unilogic/UniLogic_1.35.227_January_2024.pdf

https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered