OTPulse

Unitronics VisiLogic OPLC IDE Vulnerabilities (Update A)

Act Now · CVSS 9.8 · ICS-CERT ICSA-15-274-02A · Jul 4, 2015
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Unitronics VisiLogic OPLC IDE contains multiple critical vulnerabilities (CWE-623: Unsafe ActiveX Control and CWE-94: Improper Control of Generation of Code). The vulnerabilities allow remote code execution with network access and no authentication required. Affected versions: VisiLogic OPLC IDE 9.8.0.00 and earlier.

What this means
What could happen
An attacker with network access to a workstation running VisiLogic could execute arbitrary code and take control of the IDE, enabling manipulation of PLC logic, process parameters, and safety interlocks. This could result in unauthorized changes to plant operations, production disruption, or safety system bypass.
Who's at risk
Manufacturing organizations using Unitronics VisiLogic OPLC IDE for programming and configuring VisiLogic Programmable Logic Controllers. This includes any facility with engineering workstations running the IDE connected to a network, particularly those where the IDE workstation is accessible from adjacent networks or the internet.
How it could be exploited
An attacker sends a crafted network packet or malicious input to a system running VisiLogic OPLC IDE. The unsafe ActiveX control (CWE-623) or code generation flaw (CWE-94) is triggered, allowing the attacker to execute arbitrary code on the engineering workstation without authentication. From there, the attacker can modify PLC programs before they are deployed to operational controllers.
Prerequisites
  • Network access to the engineering workstation running VisiLogic OPLC IDE
  • No credentials or user interaction required
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • High EPSS score (10.5%)
  • No patch available
  • Affects PLC programming and control logic
Exploitability
High exploit probability (EPSS 10.5%)
Affected products (1)
Product | Affected Versions | Fix Status
VisiLogic OPLC IDE: <=9.8.0.00 | ≤ 9.8.0.00 | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate VisiLogic OPLC IDE engineering workstations from untrusted networks using air-gapping or network segmentation; restrict network access to engineering workstations using firewalls and access control lists
  • WORKAROUND: Implement network-based intrusion detection/prevention (IDS/IPS) rules to monitor and block exploitation attempts targeting known vulnerable ports and patterns
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • WORKAROUND: Disable unnecessary network services and disable ActiveX controls if not required for critical IDE functions
Mitigations - no patch available
VisiLogic OPLC IDE: <=9.8.0.00 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
  • HARDENING: Migrate to alternative PLC IDE solutions from other vendors if feasible, or evaluate upgrade paths if Unitronics releases a successor product with security improvements
  • HARDENING: Implement application whitelisting on engineering workstations to restrict execution of unexpected code