Unitronics VisiLogic Remote Code Execution Vulnerabilities

Summary

Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.

Credit:

The information has been provided by Steven Seeley of Source Incite, Fritz Sands of ZDI, and Andrea Micalizzi.


Details

Vulnerable Systems:
 * Unitronics VisiLogic OPLC IDE before 9.8.02

Immune Systems:
 * Unitronics VisiLogic OPLC IDE after 9.8.02

Unitronics VisiLogic is prone to multiple remote code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.

CVE Information:
CVE-2015-7905

Disclosure Timeline:
Original release date: 11/12/2015
Last revised: 11/13/2015

Categories: News