Unitronics Mitigates VisiLogic Hole

Thursday, June 23, 2016 @ 05:06 PM gHale


Unitronics created a new version to mitigate a buffer overflow vulnerability its VisiLogic product, according to a report on ICS-CERT.

Visilogic prior to Version 9.8.30 suffers from the remotely exploitable issue.

RELATED STORIES
Rockwell Fixes Switch Vulnerability
Advantech Clears ActiveX Holes
Schneider Fixes XSS Vulnerability
Moxa Fixes Switch Vulnerability

By exploiting this vulnerability, identified by Steven Seeley of Source Incite, an attacker could remotely execute arbitrary code.

Unitronics has offices in the United States and Israel.

The affected product, Unitronics VisiLogic OPLC IDE, is an HMI and PLC application programming environment for Vision and SAMBA series controllers. This product sees use on a global basis.

The vulnerability is the result of an attempt to copy into a fixed-length stack buffer without validating its length.

CVE-2016-4519 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill would be able to exploit this vulnerability.

Unitronics recommends users upgrade to Visilogic Version 9.8.30 or later to mitigate this vulnerability.

Click here to find the latest VisiLogic version on the Unitronics web site.