CVE-2024-41716

Summary

Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.

Affected Software

VendorProductVersion RangeStatus
IDEC CorporationWindLDRVer.9.1.0 and earlieraffected
IDEC CorporationWindO/I-NV4Ver.3.0.1affected

Weaknesses

  • Cleartext storage of sensitive information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References