CVE-2024-27771 – CVE-2024-27771 is a path traversal vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2024-27771?

CVE-2024-27771 has a CVSS score of 8.8 (HIGH). CVE-2024-27771 is a path traversal vulnerability in Unitronics Unistream Unilogic software that could allow remote code execution. Attackers can exploit this to execute arbitrary code on affected devices. Organizations using Unitronics Unistream devices with Unilogic software versions prior to 1.35.227 are affected.

📋 TL;DR

CVE-2024-27771 is a path traversal vulnerability in Unitronics Unistream Unilogic software that could allow remote code execution. Attackers can exploit this to execute arbitrary code on affected devices. Organizations using Unitronics Unistream devices with Unilogic software versions prior to 1.35.227 are affected.

💻 Affected Systems

Products:

Unitronics Unistream Unilogic

Versions: Versions prior to 1.35.227

Operating Systems: Not specified - likely embedded/industrial OS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Unitronics Unistream programmable logic controllers (PLCs) and human-machine interfaces (HMIs) using Unilogic software.

📦 What is this software?

Unilogic by Unitronics

View all CVEs affecting Unilogic →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attackers to execute arbitrary code, potentially gaining complete control over the industrial control system, disrupting operations, or causing physical damage.

🟠

Likely Case

Remote code execution leading to unauthorized access, data theft, or disruption of industrial processes controlled by the vulnerable devices.

🟢

If Mitigated

Limited impact if devices are properly segmented and access controlled, though the vulnerability still exists in the software.

🌐 Internet-Facing: HIGH - If devices are exposed to the internet, attackers can remotely exploit this vulnerability without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but network segmentation reduces exposure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Path traversal vulnerabilities typically have low exploitation complexity, and the CWE-22 classification suggests unauthenticated access may be possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.35.227

Vendor Advisory: https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0

Restart Required: Yes

Instructions:

1. Download Unilogic version 1.35.227 or later from Unitronics official website. 2. Install the update on all affected Unistream devices. 3. Restart devices to apply the patch.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Unitronics Unistream devices from untrusted networks and the internet.

Access Control Lists

all

Implement strict firewall rules to limit access to Unistream devices only from authorized management stations.

🧯 If You Can't Patch

Segment industrial control network from corporate and internet networks using firewalls
Implement strict access controls and monitor all traffic to/from Unistream devices

🔍 How to Verify

Check if Vulnerable:

Check Unilogic software version on Unistream devices. If version is below 1.35.227, the device is vulnerable.

Check Version:

Check version in Unilogic software interface or device management console

Verify Fix Applied:

Verify Unilogic software version is 1.35.227 or higher after patching.

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns
Unexpected process execution
Authentication bypass attempts

Network Indicators:

Unusual traffic to Unistream device ports
Path traversal patterns in HTTP requests

SIEM Query:

source="unistream" AND (event="file_access" OR event="process_execution") AND status="unusual"

📊 Metadata

CVE ID: CVE-2024-27771

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: March 18, 2024

Last Updated: March 10, 2025

🔗 References

https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered Third Party Advisory
https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0 Third Party Advisory
https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered Third Party Advisory
https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-27771, you might also want to check these: