Lucene search
JpcertCVELIST:CVE-2024-41927HistorySep 04, 2024 - 12:43 a.m.
CVE-2024-41927
2024-09-0400:43:55
jpcert
www.cve.org
3
cve-2024-41927
sensitive information
idec plcs
serial communication
user credentials
program manipulation
EPSS
0.001
Percentile
21.4%
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC’s serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
CNA Affected
[
{
"vendor": "IDEC Corporation",
"product": "FC6A Series MICROSmart All-in-One CPU module",
"versions": [
{
"version": "Ver.2.60 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FC6B Series MICROSmart All-in-One CPU module",
"versions": [
{
"version": "Ver.2.60 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FC6A Series MICROSmart Plus CPU module",
"versions": [
{
"version": "Ver.2.40 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FC6B Series MICROSmart Plus CPU module",
"versions": [
{
"version": "Ver.2.60 and earlier",
"status": "affected"
}
]
},
{
"vendor": "IDEC Corporation",
"product": "FT1A Series SmartAXIS Pro/Lite",
"versions": [
{
"version": "Ver.2.41 and earlier",
"status": "affected"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-41927
2024-09-04 00:43:55
nvd
nvd
CVE-2024-41927
2024-09-04 01:15:11
cve
cve
CVE-2024-41927
2024-09-04 01:15:11
ics
ics
IDEC PLCs
2024-09-19 12:00:00