CVE-2024-1480 (GCVE-0-2024-1480)
Vulnerability from cvelistv5 – Published: 2024-04-19 21:19 – Updated: 2024-08-01 18:40
VLAI
EPSS
VEX
Title
Unitronics Vision Standard Unauthenticated Password Retrieval
Summary
Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-257 - Storing Passwords in a Recoverable Format
Assigner
References
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Unitronics | Vision230 |
Affected:
0
|
|
| Unitronics | Vision280 |
Affected:
0
|
|
| Unitronics | Vision290 |
Affected:
0
|
|
| Unitronics | Vision530 |
Affected:
0
|
|
| Unitronics | Vision120 |
Affected:
0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-20T19:55:11.495288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T18:46:06.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-109-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dragos.com/advisory/unitronics-vision-standard/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Vision230",
"vendor": "Unitronics",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "affected",
"product": "Vision280",
"vendor": "Unitronics",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "affected",
"product": "Vision290",
"vendor": "Unitronics",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "affected",
"product": "Vision530",
"vendor": "Unitronics",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "affected",
"product": "Vision120",
"vendor": "Unitronics",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication."
}
],
"value": "Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257 Storing Passwords in a Recoverable Format",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-19T21:19:27.592Z",
"orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"shortName": "Dragos"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-109-01"
},
{
"url": "https://www.dragos.com/advisory/unitronics-vision-standard/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unitronics Vision Standard Unauthenticated Password Retrieval",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
"assignerShortName": "Dragos",
"cveId": "CVE-2024-1480",
"datePublished": "2024-04-19T21:19:27.592Z",
"dateReserved": "2024-02-13T18:49:36.966Z",
"dateUpdated": "2024-08-01T18:40:21.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-1480",
"date": "2026-07-09",
"epss": "0.00503",
"percentile": "0.39431"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.\"}, {\"lang\": \"es\", \"value\": \"La l\\u00ednea de controladores Unitronics Vision Standard permite recuperar la contrase\\u00f1a del modo de informaci\\u00f3n sin autenticaci\\u00f3n.\"}]",
"id": "CVE-2024-1480",
"lastModified": "2024-11-21T08:50:40.430",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ot-cert@dragos.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-04-19T22:15:07.513",
"references": "[{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-109-01\", \"source\": \"ot-cert@dragos.com\"}, {\"url\": \"https://www.dragos.com/advisory/unitronics-vision-standard/\", \"source\": \"ot-cert@dragos.com\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-109-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.dragos.com/advisory/unitronics-vision-standard/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "ot-cert@dragos.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"ot-cert@dragos.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-257\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-1480\",\"sourceIdentifier\":\"ot-cert@dragos.com\",\"published\":\"2024-04-19T22:15:07.513\",\"lastModified\":\"2026-06-17T07:04:20.070\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.\"},{\"lang\":\"es\",\"value\":\"La l\u00ednea de controladores Unitronics Vision Standard permite recuperar la contrase\u00f1a del modo de informaci\u00f3n sin autenticaci\u00f3n.\"}],\"affected\":[{\"source\":\"ot-cert@dragos.com\",\"affectedData\":[{\"vendor\":\"Unitronics\",\"product\":\"Vision230\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"0\",\"status\":\"affected\"}]},{\"vendor\":\"Unitronics\",\"product\":\"Vision280\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"0\",\"status\":\"affected\"}]},{\"vendor\":\"Unitronics\",\"product\":\"Vision290\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"0\",\"status\":\"affected\"}]},{\"vendor\":\"Unitronics\",\"product\":\"Vision530\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"0\",\"status\":\"affected\"}]},{\"vendor\":\"Unitronics\",\"product\":\"Vision120\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ot-cert@dragos.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-04-20T19:55:11.495288Z\",\"id\":\"CVE-2024-1480\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"ot-cert@dragos.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-257\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-109-01\",\"source\":\"ot-cert@dragos.com\"},{\"url\":\"https://www.dragos.com/advisory/unitronics-vision-standard/\",\"source\":\"ot-cert@dragos.com\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-109-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.dragos.com/advisory/unitronics-vision-standard/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"redhat_vex": {
"current_release_date": "2025-05-28T21:17:27+00:00",
"cve": "CVE-2024-1480",
"id": "CVE-2024-1480",
"initial_release_date": "2024-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "Unitronics Vision Standard Unauthenticated Password Retrieval",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1480.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-109-01\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.dragos.com/advisory/unitronics-vision-standard/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:40:21.234Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-1480\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-20T19:55:11.495288Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-20T19:57:28.295Z\"}}], \"cna\": {\"title\": \"Unitronics Vision Standard Unauthenticated Password Retrieval\", \"source\": {\"discovery\": \"INTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-114\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-114 Authentication Abuse\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Unitronics\", \"product\": \"Vision230\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Unitronics\", \"product\": \"Vision280\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Unitronics\", \"product\": \"Vision290\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Unitronics\", \"product\": \"Vision530\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"Unitronics\", \"product\": \"Vision120\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-109-01\"}, {\"url\": \"https://www.dragos.com/advisory/unitronics-vision-standard/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-257\", \"description\": \"CWE-257 Storing Passwords in a Recoverable Format\"}]}], \"providerMetadata\": {\"orgId\": \"12bdf821-1545-4a87-aac5-61670cc6fcef\", \"shortName\": \"Dragos\", \"dateUpdated\": \"2024-04-19T21:19:27.592Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-1480\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T18:40:21.234Z\", \"dateReserved\": \"2024-02-13T18:49:36.966Z\", \"assignerOrgId\": \"12bdf821-1545-4a87-aac5-61670cc6fcef\", \"datePublished\": \"2024-04-19T21:19:27.592Z\", \"assignerShortName\": \"Dragos\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…