CRITICAL🇵🇱 Wersja polska

CVE-2024-27767

CVSS 10.0v3.1pub. 2024-03-18upd. 2025-03-10

CWE-287: Improper Authentication may allow Authentication Bypass

🤖 AI Analysis
How it works

The vulnerability results from improper implementation of the authentication mechanism (CWE-287: Improper Authentication). A remote attacker, without possessing any credentials, can bypass identity verification procedures in the application. Due to the network vector (AV:N) and lack of required privileges (PR:N), exploitation is possible directly over the network without requiring prior system access.

Impact

Successful exploitation allows an attacker to gain unauthorized access to the system with potentially full control over the confidentiality, integrity, and availability of data and application functions, which corresponds to the maximum impact indicated by CVSS (C:H/I:H/A:H) with an extended scope of impact (S:C).

Mitigation & patch

Security patches available from the vendor should be applied in accordance with references. It is also recommended to restrict network access to Unilogic systems through a firewall and isolate OT/ICS environments from public networks until updates are deployed.

Who is affected

Unitronics Unilogic software — versions indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Unitronics Unilogic

    APP
    Unitronics
    < 1.35.227
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-27768CRITICAL9.8PL ✓ten sam produkt

Path Traversal w Unitronics Unilogic umożliwiający RCE

CVE-2024-27769HIGH8.8ten sam produkt

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to ...

CVE-2024-27770HIGH8.8ten sam produkt

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal

CVE-2024-27771HIGH8.8ten sam produkt

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE

CVE-2024-27772HIGH8.8ten sam produkt

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE