Unitronics VisiLogic Remote Code Execution Vulnerabilities
The information has been provided by Steven Seeley of Source Incite, Fritz Sands of ZDI, and Andrea Micalizzi.
* Unitronics VisiLogic OPLC IDE before 9.8.02
* Unitronics VisiLogic OPLC IDE after 9.8.02
Unitronics VisiLogic is prone to multiple remote code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.
Original release date: 11/12/2015
Last revised: 11/13/2015