CWE-287: Improper Authentication may allow Authentication Bypass
The vulnerability results from improper implementation of the authentication mechanism (CWE-287: Improper Authentication). A remote attacker, without possessing any credentials, can bypass identity verification procedures in the application. Due to the network vector (AV:N) and lack of required privileges (PR:N), exploitation is possible directly over the network without requiring prior system access.
Successful exploitation allows an attacker to gain unauthorized access to the system with potentially full control over the confidentiality, integrity, and availability of data and application functions, which corresponds to the maximum impact indicated by CVSS (C:H/I:H/A:H) with an extended scope of impact (S:C).
Security patches available from the vendor should be applied in accordance with references. It is also recommended to restrict network access to Unilogic systems through a firewall and isolate OT/ICS environments from public networks until updates are deployed.
Unitronics Unilogic software — versions indicated in vendor references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HUnitronics Unilogic
APPUnitronics< 1.35.227
Related vulnerabilities
Path Traversal w Unitronics Unilogic umożliwiający RCE
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to ...
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE