Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product’s project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.
[
{
"vendor": "IDEC Corporation",
"product": "WindLDR",
"versions": [
{
"version": "Ver.9.1.0 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "WindO/I-NV4",
"versions": [
{
"version": "Ver.3.0.1",
"status": "affected"
}
]
}
]