CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
21.4%
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC’s serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
Vendor | Product | Version | CPE |
---|---|---|---|
idec | kit-fc6a-24-kc_firmware | * | cpe:2.3:o:idec:kit-fc6a-24-kc_firmware:*:*:*:*:*:*:*:* |
idec | kit-fc6a-24-kc | - | cpe:2.3:h:idec:kit-fc6a-24-kc:-:*:*:*:*:*:*:* |
idec | kit-fc6a-24-pc_firmware | * | cpe:2.3:o:idec:kit-fc6a-24-pc_firmware:*:*:*:*:*:*:*:* |
idec | kit-fc6a-24-pc | - | cpe:2.3:h:idec:kit-fc6a-24-pc:-:*:*:*:*:*:*:* |
idec | kit-fc6a-24-ra_firmware | * | cpe:2.3:o:idec:kit-fc6a-24-ra_firmware:*:*:*:*:*:*:*:* |
idec | kit-fc6a-24-ra | - | cpe:2.3:h:idec:kit-fc6a-24-ra:-:*:*:*:*:*:*:* |
idec | kit-fc6a-24-ra-hg1g_firmware | * | cpe:2.3:o:idec:kit-fc6a-24-ra-hg1g_firmware:*:*:*:*:*:*:*:* |
idec | kit-fc6a-24-ra-hg1g | - | cpe:2.3:h:idec:kit-fc6a-24-ra-hg1g:-:*:*:*:*:*:*:* |
idec | kit-fc6a-24-ra-hg2g-5tn_firmware | * | cpe:2.3:o:idec:kit-fc6a-24-ra-hg2g-5tn_firmware:*:*:*:*:*:*:*:* |
idec | kit-fc6a-24-ra-hg2g-5tn | - | cpe:2.3:h:idec:kit-fc6a-24-ra-hg2g-5tn:-:*:*:*:*:*:*:* |
[
{
"vendor": "IDEC Corporation",
"product": "FC6A Series MICROSmart All-in-One CPU module",
"versions": [
{
"version": "Ver.2.60 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FC6B Series MICROSmart All-in-One CPU module",
"versions": [
{
"version": "Ver.2.60 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FC6A Series MICROSmart Plus CPU module",
"versions": [
{
"version": "Ver.2.40 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FC6B Series MICROSmart Plus CPU module",
"versions": [
{
"version": "Ver.2.60 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FT1A Series SmartAXIS Pro/Lite",
"versions": [
{
"version": "Ver.2.41 and earlier",
"status": "affected"
}
]
}
]