/

CVE-2023-2003 Report - Details, Severity, & Advisories

CVE-2023-2003 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2023-2003?

A critical vulnerability, CVE-2023-2003, has been discovered in certain devices running Vision1210 firmware version 4.3 build 5. This vulnerability allows remote attackers to store and execute malicious code on affected systems, posing a significant security risk. The issue primarily affects PLC and HMI devices, specifically Unitronics' Vision1210 model and other models that use the PCOM protocol. With a severity score of 9.8, it is crucial for organizations to be aware of this vulnerability and take appropriate measures to protect their systems.

Who is impacted by CVE-2023-2003?

The CVE-2023-2003 vulnerability affects users of Unitronics' Vision1210 devices and other models that use the PCOM protocol on port 20256. Specifically, it impacts Vision1210 devices running firmware version 4.3, build 5. This vulnerability allows remote attackers to store and execute malicious code on the affected systems, posing a significant security risk.

What to do if CVE-2023-2003 affected you

If you're affected by the CVE-2023-2003 vulnerability, it's crucial to take action to protect your systems. Here's a simplified list of steps to follow:

  1. Contact Unitronics for guidance on addressing the vulnerability.

  2. Apply any patches or updates provided by the manufacturer.

  3. Monitor your systems for signs of unauthorized access or malicious activity.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-2003 vulnerability, an embedded malicious code issue in Vision1210 devices, is not listed in CISA's Known Exploited Vulnerabilities Catalog. Discovered on July 13, 2023, this critical vulnerability allows remote attackers to store and execute malicious code on affected systems. No specific required actions are mentioned, but it is crucial to monitor systems for unauthorized access and apply any available patches or updates.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-506, which involves embedded malicious code in Vision1210 devices.

Learn More

For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2023-2003 Report - Details, Severity, & Advisories

CVE-2023-2003 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2023-2003?

A critical vulnerability, CVE-2023-2003, has been discovered in certain devices running Vision1210 firmware version 4.3 build 5. This vulnerability allows remote attackers to store and execute malicious code on affected systems, posing a significant security risk. The issue primarily affects PLC and HMI devices, specifically Unitronics' Vision1210 model and other models that use the PCOM protocol. With a severity score of 9.8, it is crucial for organizations to be aware of this vulnerability and take appropriate measures to protect their systems.

Who is impacted by CVE-2023-2003?

The CVE-2023-2003 vulnerability affects users of Unitronics' Vision1210 devices and other models that use the PCOM protocol on port 20256. Specifically, it impacts Vision1210 devices running firmware version 4.3, build 5. This vulnerability allows remote attackers to store and execute malicious code on the affected systems, posing a significant security risk.

What to do if CVE-2023-2003 affected you

If you're affected by the CVE-2023-2003 vulnerability, it's crucial to take action to protect your systems. Here's a simplified list of steps to follow:

  1. Contact Unitronics for guidance on addressing the vulnerability.

  2. Apply any patches or updates provided by the manufacturer.

  3. Monitor your systems for signs of unauthorized access or malicious activity.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-2003 vulnerability, an embedded malicious code issue in Vision1210 devices, is not listed in CISA's Known Exploited Vulnerabilities Catalog. Discovered on July 13, 2023, this critical vulnerability allows remote attackers to store and execute malicious code on affected systems. No specific required actions are mentioned, but it is crucial to monitor systems for unauthorized access and apply any available patches or updates.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-506, which involves embedded malicious code in Vision1210 devices.

Learn More

For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2023-2003 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2023-2003?

A critical vulnerability, CVE-2023-2003, has been discovered in certain devices running Vision1210 firmware version 4.3 build 5. This vulnerability allows remote attackers to store and execute malicious code on affected systems, posing a significant security risk. The issue primarily affects PLC and HMI devices, specifically Unitronics' Vision1210 model and other models that use the PCOM protocol. With a severity score of 9.8, it is crucial for organizations to be aware of this vulnerability and take appropriate measures to protect their systems.

Who is impacted by CVE-2023-2003?

The CVE-2023-2003 vulnerability affects users of Unitronics' Vision1210 devices and other models that use the PCOM protocol on port 20256. Specifically, it impacts Vision1210 devices running firmware version 4.3, build 5. This vulnerability allows remote attackers to store and execute malicious code on the affected systems, posing a significant security risk.

What to do if CVE-2023-2003 affected you

If you're affected by the CVE-2023-2003 vulnerability, it's crucial to take action to protect your systems. Here's a simplified list of steps to follow:

  1. Contact Unitronics for guidance on addressing the vulnerability.

  2. Apply any patches or updates provided by the manufacturer.

  3. Monitor your systems for signs of unauthorized access or malicious activity.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-2003 vulnerability, an embedded malicious code issue in Vision1210 devices, is not listed in CISA's Known Exploited Vulnerabilities Catalog. Discovered on July 13, 2023, this critical vulnerability allows remote attackers to store and execute malicious code on affected systems. No specific required actions are mentioned, but it is crucial to monitor systems for unauthorized access and apply any available patches or updates.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-506, which involves embedded malicious code in Vision1210 devices.

Learn More

For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.