All the vulnerabilites related to IDEC Corporation - FT1A Series SmartAXIS Pro/Lite
cve-2024-41927
Vulnerability from cvelistv5
Published
2024-09-04 00:43
Modified
2024-09-04 13:59
Severity ?
EPSS score ?
Summary
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | IDEC Corporation | FC6A Series MICROSmart All-in-One CPU module |
Version: Ver.2.60 and earlier |
||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-41927", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T13:59:49.820372Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-04T13:59:57.911Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "FC6A Series MICROSmart All-in-One CPU module", "vendor": "IDEC Corporation", "versions": [ { "status": "affected", "version": "Ver.2.60 and earlier" } ] }, { "product": "FC6B Series MICROSmart All-in-One CPU module", "vendor": "IDEC Corporation", "versions": [ { "status": "affected", "version": "Ver.2.60 and earlier" } ] }, { "product": "FC6A Series MICROSmart Plus CPU module", "vendor": "IDEC Corporation", "versions": [ { "status": "affected", "version": "Ver.2.40 and earlier" } ] }, { "product": "FC6B Series MICROSmart Plus CPU module", "vendor": "IDEC Corporation", "versions": [ { "status": "affected", "version": "Ver.2.60 and earlier" } ] }, { "product": "FT1A Series SmartAXIS Pro/Lite", "vendor": "IDEC Corporation", "versions": [ { "status": "affected", "version": "Ver.2.41 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC\u0027s serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated." } ], "problemTypes": [ { "descriptions": [ { "description": "Cleartext transmission of sensitive information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-04T00:43:55.555Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://us.idec.com/media/24-RD-0256-EN.pdf" }, { "url": "https://jvn.jp/en/vu/JVNVU96959731/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-41927", "datePublished": "2024-09-04T00:43:55.555Z", "dateReserved": "2024-08-01T01:18:07.241Z", "dateUpdated": "2024-09-04T13:59:57.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }