CVE-2024-41927
Severity CVSS v4.0:
Pending analysis
Type:
CWE-319
Cleartext Transmission of Sensitive Information
Publication date:
04/09/2024
Last modified:
02/07/2025
Description
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
Impact
Base Score 3.x
4.60
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:idec:kit-fc6a-24-kc_firmware:*:*:*:*:*:*:*:* | 2.60 (including) | |
| cpe:2.3:h:idec:kit-fc6a-24-kc:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:idec:kit-fc6a-24-pc_firmware:*:*:*:*:*:*:*:* | 2.60 (including) | |
| cpe:2.3:h:idec:kit-fc6a-24-pc:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:idec:kit-fc6a-24-ra_firmware:*:*:*:*:*:*:*:* | 2.60 (including) | |
| cpe:2.3:h:idec:kit-fc6a-24-ra:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:idec:kit-fc6a-24-ra-hg1g_firmware:*:*:*:*:*:*:*:* | 2.60 (including) | |
| cpe:2.3:h:idec:kit-fc6a-24-ra-hg1g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:idec:kit-fc6a-24-ra-hg2g-5tn_firmware:*:*:*:*:*:*:*:* | 2.60 (including) | |
| cpe:2.3:h:idec:kit-fc6a-24-ra-hg2g-5tn:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:idec:kit-fc6a-24-ra-hg2g-5tt_firmware:*:*:*:*:*:*:*:* | 2.60 (including) | |
| cpe:2.3:h:idec:kit-fc6a-24-ra-hg2g-5tt:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:idec:kit-fc6a-24-rc-hg1g_firmware:*:*:*:*:*:*:*:* | 2.60 (including) | |
| cpe:2.3:h:idec:kit-fc6a-24-rc-hg1g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:idec:kit-fc6a-24-rc_firmware:*:*:*:*:*:*:*:* | 2.60 (including) |
To consult the complete list of CPE names with products and versions, see this page