All the vulnerabilites related to IDEC Corporation - FC6B MICROSmart All-in-One CPU Module
jvndb-2021-006117
Vulnerability from jvndb
Published
2021-12-27 16:54
Modified
2022-01-11 16:36
Severity ?
Summary
Multiple vulnerabilities in IDEC PLCs
Details
Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below.
* Unprotected transport of credentials (CWE-523) - CVE-2021-37400
* Plaintext storage of a password (CWE-256) - CVE-2021-37401
* Unprotected transport of credentials (CWE-523) - CVE-2021-20826
* Plaintext storage of a password (CWE-256) - CVE-2021-20827
Khalid Ansari of FM Approvals reported these vulnerabilities to IDEC Corporation, and IDEC Corporation reported
the case to JPCERT/CC and coordinated in order to notify users of the solutions through JVN.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/vu/JVNVU92279973/index.html | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37400 | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37401 | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20826 | |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20827 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20826 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20827 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-37400 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-37401 | |
ICS-CERT ADVISORY | https://www.cisa.gov/uscert/ics/advisories/icsa-22-006-03 | |
Unprotected Storage of Credentials(CWE-256) | https://cwe.mitre.org/data/definitions/256.html | |
Unprotected Transport of Credentials(CWE-523) | https://cwe.mitre.org/data/definitions/523.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-006117.html", "dc:date": "2022-01-11T16:36+09:00", "dcterms:issued": "2021-12-27T16:54+09:00", "dcterms:modified": "2022-01-11T16:36+09:00", "description": "Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below.\r\n\r\n* Unprotected transport of credentials (CWE-523) - CVE-2021-37400\r\n* Plaintext storage of a password (CWE-256) - CVE-2021-37401\r\n* Unprotected transport of credentials (CWE-523) - CVE-2021-20826\r\n* Plaintext storage of a password (CWE-256) - CVE-2021-20827\r\n\r\nKhalid Ansari of FM Approvals reported these vulnerabilities to IDEC Corporation, and IDEC Corporation reported\r\nthe case to JPCERT/CC and coordinated in order to notify users of the solutions through JVN.", "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-006117.html", "sec:cpe": [ { "#text": "cpe:/a:idec:data_file_manager", "@product": "Data File Manager", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/a:idec:windedit", "@product": "WindEDIT Lite", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/a:idec:windldr", "@product": "WindLDR", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:idec:ft1a_smartaxix_pro_firmware", "@product": "FT1A Controller SmartAXIS Pro/Lite", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:idec:microsmart_fc6a_firmware", "@product": "FC6A MICROSmart All-in-One CPU Module", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:idec:microsmart_fc6b_firmware", "@product": "FC6B MICROSmart All-in-One CPU Module", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:idec:microsmart_plus_fc6a_firmware", "@product": "FC6A MICROSmart Plus CPU Module", "@vendor": "IDEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:idec:microsmart_plus_fc6b_firmware", "@product": "FC6B MICROSmart Plus CPU Module", "@vendor": "IDEC Corporation", "@version": "2.2" } ], "sec:cvss": [ { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "7.6", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "@version": "3.0" } ], "sec:identifier": "JVNDB-2021-006117", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU92279973/index.html", "@id": "JVNVU#92279973", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37400", "@id": "CVE-2021-37400", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37401", "@id": "CVE-2021-37401", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20826", "@id": "CVE-2021-20826", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20827", "@id": "CVE-2021-20827", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20826", "@id": "CVE-2021-20826", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20827", "@id": "CVE-2021-20827", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-37400", "@id": "CVE-2021-37400", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-37401", "@id": "CVE-2021-37401", "@source": "NVD" }, { "#text": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-006-03", "@id": "ICSA-22-006-03", "@source": "ICS-CERT ADVISORY" }, { "#text": "https://cwe.mitre.org/data/definitions/256.html", "@id": "CWE-256", "@title": "Unprotected Storage of Credentials(CWE-256)" }, { "#text": "https://cwe.mitre.org/data/definitions/523.html", "@id": "CWE-523", "@title": "Unprotected Transport of Credentials(CWE-523)" } ], "title": "Multiple vulnerabilities in IDEC PLCs" }