Lucene search

MitreCVE-2021-37400

HistoryDec 28, 2021 - 1:15 p.m.

CVE-2021-37400

2021-12-2813:15:08

CWE-522

mitre

web.nvd.nist.gov

cve-2021-37400

attacker

user credentials

communication

plc

upload

alteration

download

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.005

Percentile

77.0%

JSON

An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.

Affected configurations

Nvd

Node

idecdata_file_managerRange≤2.12.1

idecwindeditRange≤1.3.1

idecwindldrRange≤8.19.1

Node

idecmicrosmart_plus_fc6bMatch-

AND

idecmicrosmart_plus_fc6b_firmwareRange≤2.31

Node

idecmicrosmart_plus_fc6aMatch-

AND

idecmicrosmart_plus_fc6a_firmwareRange≤1.91

Node

idecmicrosmart_fc6bMatch-

AND

idecmicrosmart_fc6b_firmwareRange≤2.31

Node

idecmicrosmart_fc6aMatch-

AND

idecmicrosmart_fc6a_firmwareRange≤2.32

Node

idecft1a_smartaxix_pro_firmwareRange≤2.31

AND

idecft1a_smartaxix_proMatch-

Node

idecft1a_smartaxix_lite_firmwareRange≤2.31

AND

idecft1a_smartaxix_liteMatch-

VendorProductVersionCPE
idecdata_file_manager*cpe:2.3:a:idec:data_file_manager:*:*:*:*:*:*:*:*
idecwindedit*cpe:2.3:a:idec:windedit:*:*:*:*:*:*:*:*
idecwindldr*cpe:2.3:a:idec:windldr:*:*:*:*:*:*:*:*
idecmicrosmart_plus_fc6b-cpe:2.3:h:idec:microsmart_plus_fc6b:-:*:*:*:*:*:*:*
idecmicrosmart_plus_fc6b_firmware*cpe:2.3:o:idec:microsmart_plus_fc6b_firmware:*:*:*:*:*:*:*:*
idecmicrosmart_plus_fc6a-cpe:2.3:h:idec:microsmart_plus_fc6a:-:*:*:*:*:*:*:*
idecmicrosmart_plus_fc6a_firmware*cpe:2.3:o:idec:microsmart_plus_fc6a_firmware:*:*:*:*:*:*:*:*
idecmicrosmart_fc6b-cpe:2.3:h:idec:microsmart_fc6b:-:*:*:*:*:*:*:*
idecmicrosmart_fc6b_firmware*cpe:2.3:o:idec:microsmart_fc6b_firmware:*:*:*:*:*:*:*:*
idecmicrosmart_fc6a-cpe:2.3:h:idec:microsmart_fc6a:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
idec	data_file_manager	*	cpe:2.3:a:idec:data_file_manager::::::::
idec	windedit	*	cpe:2.3:a:idec:windedit::::::::
idec	windldr	*	cpe:2.3:a:idec:windldr::::::::
idec	microsmart_plus_fc6b	-	cpe:2.3:h:idec:microsmart_plus_fc6b:-:::::::*
idec	microsmart_plus_fc6b_firmware	*	cpe:2.3:o:idec:microsmart_plus_fc6b_firmware::::::::
idec	microsmart_plus_fc6a	-	cpe:2.3:h:idec:microsmart_plus_fc6a:-:::::::*
idec	microsmart_plus_fc6a_firmware	*	cpe:2.3:o:idec:microsmart_plus_fc6a_firmware::::::::
idec	microsmart_fc6b	-	cpe:2.3:h:idec:microsmart_fc6b:-:::::::*
idec	microsmart_fc6b_firmware	*	cpe:2.3:o:idec:microsmart_fc6b_firmware::::::::
idec	microsmart_fc6a	-	cpe:2.3:h:idec:microsmart_fc6a:-:::::::*

Rows per page:

1-10 of 151

References

jvn.jp/en/vu/JVNVU92279973/

us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A

us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer

www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.005

Percentile

77.0%

JSON

Related for CVE-2021-37400