CVE-2021-20826

CVE-2021-20826 affects IDEC PLCs: FC6A/MICROSmart All-in-One CPU Module (v2.32 and earlier), FC6A/MICROSmart Plus (v1.91 and earlier), WindLDR (v8.19.1 and earlier), WindEDIT Lite (v1.3.1 and earlier), and Data File Manager (v2.12.1 and earlier). Root cause: unprotected transport of credentials (...

CVE-2021-37400

The CVE-2021-37400 issue affects IDEC IDEC PLCs (e.g., FC6A/FC6B MICROSmart modules, FT1A SmartAXIS Pro/Lite, WindLDR, WindEDIT Lite, Data File Manager) where credentials are transmitted without proper protection. The root cause is Unprotected Transport of Credentials (CWE-523) in PLC-to-software...

CVE-2021-37401

IDEC PLCs are affected by CVE-2021-37401 (Plaintext storage of a password). The trusted‑credentials leakage occurs when an attacker obtains user credentials from file servers, backup repositories, or ZLD files saved on SD cards, enabling unauthorized PLC program upload/alteration/download. The jo...

CVE-2021-20827

CVE-2021-20827 describes plaintext storage of a password vulnerability in IDEC PLCs, allowing an attacker to obtain PLC Web server credentials from SD cards (ZLD files) or file backups and potentially hijack the PLC. Affected products and versions include IDEC FC6A/MICROSmart All-in-One CPU Modul...