Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC’s serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
[
{
"vendor": "IDEC Corporation",
"product": "FC6A Series MICROSmart All-in-One CPU module",
"versions": [
{
"version": "Ver.2.60 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FC6B Series MICROSmart All-in-One CPU module",
"versions": [
{
"version": "Ver.2.60 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FC6A Series MICROSmart Plus CPU module",
"versions": [
{
"version": "Ver.2.40 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FC6B Series MICROSmart Plus CPU module",
"versions": [
{
"version": "Ver.2.60 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FT1A Series SmartAXIS Pro/Lite",
"versions": [
{
"version": "Ver.2.41 and earlier",
"status": "affected"
}
]
}
]