CVE-2024-41927

Summary

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.

Affected Software

VendorProductVersion RangeStatus
IDEC CorporationFC6A Series MICROSmart All-in-One CPU moduleVer.2.60 and earlieraffected
IDEC CorporationFC6B Series MICROSmart All-in-One CPU moduleVer.2.60 and earlieraffected
IDEC CorporationFC6A Series MICROSmart Plus CPU moduleVer.2.40 and earlieraffected
IDEC CorporationFC6B Series MICROSmart Plus CPU moduleVer.2.60 and earlieraffected
IDEC CorporationFT1A Series SmartAXIS Pro/LiteVer.2.41 and earlieraffected

Weaknesses

  • CWE-319: Cleartext transmission of sensitive information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References