CRITICAL🇵🇱 Wersja polska

CVE-2024-27768

CVSS 9.8v3.1pub. 2024-03-18upd. 2025-03-10

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE

🤖 AI Analysis
How it works

The CWE-22 (path traversal) vulnerability consists of insufficient validation of file paths transmitted over the network, allowing an attacker to escape the application's permitted directory. By sending an appropriately crafted request containing sequences such as '../', the attacker can access any files on the system or place a malicious file in a critical location. As a result, remote code execution on the target device is possible.

Impact

An attacker can gain full control over the device without authentication, obtaining access to sensitive data, modifying system configuration, and executing arbitrary code (RCE), which in an industrial environment can lead to disruption or sabotage of control processes.

Mitigation & patch

Update Unitronics Unistream Unilogic software to version 1.35.227 or newer. Detailed information is available in the manufacturer's references and in the guide published by Claroty Team82.

Who is affected

Unitronics Unistream Unilogic in versions earlier than 1.35.227

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Unitronics Unilogic

    APP
    Unitronics
    < 1.35.227
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2024-27767CRITICAL10.0PL ✓ten sam produkt

Pominięcie uwierzytelnienia w Unitronics Unilogic (Authentication Bypass)

CVE-2024-27769HIGH8.8ten sam produkt

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to ...

CVE-2024-27770HIGH8.8ten sam produkt

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal

CVE-2024-27771HIGH8.8ten sam produkt

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE

CVE-2024-27772HIGH8.8ten sam produkt

Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE