Vulnerability Details :

CVE-2024-41927

Summary
Assigner: jpcert
Assigner Org ID: ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At: 04 Sep, 2024 | 00:43
Updated At: 02 Jul, 2025 | 01:23

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

Affected Products
Vendor: IDEC Corporation
Product: FC6A Series MICROSmart All-in-One CPU module
Versions affected: Ver.2.60 and earlier

Vendor: IDEC Corporation
Product: FC6B Series MICROSmart All-in-One CPU module
Versions affected: Ver.2.60 and earlier

Vendor: IDEC Corporation
Product: FC6A Series MICROSmart Plus CPU module
Versions affected: Ver.2.40 and earlier

Vendor: IDEC Corporation
Product: FC6B Series MICROSmart Plus CPU module
Versions affected: Ver.2.60 and earlier

Vendor: IDEC Corporation
Product: FT1A Series SmartAXIS Pro/Lite
Versions affected: Ver.2.41 and earlier

Problem Types
Type: CWE
CWE ID: CWE-319
Description: Cleartext transmission of sensitive information
References
Hyperlink: https://us.idec.com/media/24-RD-0256-EN-b.pdf
Resource: N/A
Hyperlink: https://jvn.jp/en/vu/JVNVU96959731/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Problem Types
Type: CWE
CWE ID: CWE-319
Description: CWE-319 Cleartext Transmission of Sensitive Information
Metrics
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:04 Sep, 2024 | 01:15
Updated At:02 Jul, 2025 | 02:15

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches

idec >> kit-fc6a-24-kc_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-24-kc_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-24-kc >> -
cpe:2.3:h:idec:kit-fc6a-24-kc:-:*:*:*:*:*:*:*
idec >> kit-fc6a-24-pc_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-24-pc_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-24-pc >> -
cpe:2.3:h:idec:kit-fc6a-24-pc:-:*:*:*:*:*:*:*
idec >> kit-fc6a-24-ra_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-24-ra_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-24-ra >> -
cpe:2.3:h:idec:kit-fc6a-24-ra:-:*:*:*:*:*:*:*
idec >> kit-fc6a-24-ra-hg1g_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-24-ra-hg1g_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-24-ra-hg1g >> -
cpe:2.3:h:idec:kit-fc6a-24-ra-hg1g:-:*:*:*:*:*:*:*
idec >> kit-fc6a-24-ra-hg2g-5tn_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-24-ra-hg2g-5tn_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-24-ra-hg2g-5tn >> -
cpe:2.3:h:idec:kit-fc6a-24-ra-hg2g-5tn:-:*:*:*:*:*:*:*
idec >> kit-fc6a-24-ra-hg2g-5tt_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-24-ra-hg2g-5tt_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-24-ra-hg2g-5tt >> -
cpe:2.3:h:idec:kit-fc6a-24-ra-hg2g-5tt:-:*:*:*:*:*:*:*
idec >> kit-fc6a-24-rc-hg1g_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-24-rc-hg1g_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-24-rc-hg1g >> -
cpe:2.3:h:idec:kit-fc6a-24-rc-hg1g:-:*:*:*:*:*:*:*
idec >> kit-fc6a-24-rc_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-24-rc_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-24-rc >> -
cpe:2.3:h:idec:kit-fc6a-24-rc:-:*:*:*:*:*:*:*
idec >> kit-fc6a-24-rc-hg2g-5tn_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-24-rc-hg2g-5tn_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-24-rc-hg2g-5tn >> -
cpe:2.3:h:idec:kit-fc6a-24-rc-hg2g-5tn:-:*:*:*:*:*:*:*
idec >> kit-fc6a-24-rc-hg2g-5tt_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-24-rc-hg2g-5tt_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-24-rc-hg2g-5tt >> -
cpe:2.3:h:idec:kit-fc6a-24-rc-hg2g-5tt:-:*:*:*:*:*:*:*
idec >> kit-fc6a-c24r-hg2g-vhp_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-c24r-hg2g-vhp_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-c24r-hg2g-vhp >> -
cpe:2.3:h:idec:kit-fc6a-c24r-hg2g-vhp:-:*:*:*:*:*:*:*
idec >> kit-fc6a-c24r-hg3g-v8hp_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-c24r-hg3g-v8hp_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-c24r-hg3g-v8hp >> -
cpe:2.3:h:idec:kit-fc6a-c24r-hg3g-v8hp:-:*:*:*:*:*:*:*
idec >> kit-fc6a-c24r-hg3g-vahp_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-c24r-hg3g-vahp_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-c24r-hg3g-vahp >> -
cpe:2.3:h:idec:kit-fc6a-c24r-hg3g-vahp:-:*:*:*:*:*:*:*
idec >> kit-fc6a-c24r-hg4g-vhp_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-c24r-hg4g-vhp_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-c24r-hg4g-vhp >> -
cpe:2.3:h:idec:kit-fc6a-c24r-hg4g-vhp:-:*:*:*:*:*:*:*
idec >> kit-fc6a-c24r-hg5g-vhp_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-c24r-hg5g-vhp_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-c24r-hg5g-vhp >> -
cpe:2.3:h:idec:kit-fc6a-c24r-hg5g-vhp:-:*:*:*:*:*:*:*
idec >> kit-fc6a-16-pc_firmware >> Versions up to 2.6 (inclusive)
cpe:2.3:o:idec:kit-fc6a-16-pc_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-16-pc >> -
cpe:2.3:h:idec:kit-fc6a-16-pc:-:*:*:*:*:*:*:*
idec >> kit-fc6a-16-ra_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-16-ra_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-16-ra >> -
cpe:2.3:h:idec:kit-fc6a-16-ra:-:*:*:*:*:*:*:*
idec >> kit-fc6a-16-kc_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-16-kc_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-16-kc >> -
cpe:2.3:h:idec:kit-fc6a-16-kc:-:*:*:*:*:*:*:*
idec >> kit-fc6a-16-ra-hg1g_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-16-ra-hg1g_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-16-ra-hg1g >> -
cpe:2.3:h:idec:kit-fc6a-16-ra-hg1g:-:*:*:*:*:*:*:*
idec >> kit-fc6a-16-ra-hg2g-5tn_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-16-ra-hg2g-5tn_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-16-ra-hg2g-5tn >> -
cpe:2.3:h:idec:kit-fc6a-16-ra-hg2g-5tn:-:*:*:*:*:*:*:*
idec >> kit-fc6a-16-ra-hg2g-5tt_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-16-ra-hg2g-5tt_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-16-ra-hg2g-5tt >> -
cpe:2.3:h:idec:kit-fc6a-16-ra-hg2g-5tt:-:*:*:*:*:*:*:*
idec >> kit-fc6a-16-rc_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-16-rc_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-16-rc >> -
cpe:2.3:h:idec:kit-fc6a-16-rc:-:*:*:*:*:*:*:*
idec >> kit-fc6a-16-rc-hg2g-5tn_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-16-rc-hg2g-5tn_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-16-rc-hg2g-5tn >> -
cpe:2.3:h:idec:kit-fc6a-16-rc-hg2g-5tn:-:*:*:*:*:*:*:*
idec >> kit-fc6a-16-rc-hg1g_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-16-rc-hg1g_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-16-rc-hg1g >> -
cpe:2.3:h:idec:kit-fc6a-16-rc-hg1g:-:*:*:*:*:*:*:*
idec >> kit-fc6a-16-rc-hg2g-5tt_firmware >> Versions up to 2.60 (inclusive)
cpe:2.3:o:idec:kit-fc6a-16-rc-hg2g-5tt_firmware:*:*:*:*:*:*:*:*
idec >> kit-fc6a-16-rc-hg2g-5tt >> -
cpe:2.3:h:idec:kit-fc6a-16-rc-hg2g-5tt:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-319
Type: Primary
Source: vultures@jpcert.or.jp
CWE ID: CWE-319
Type: Secondary
Source: nvd@nist.gov
CWE ID: CWE-319
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
References
Hyperlink: https://jvn.jp/en/vu/JVNVU96959731/
Source: vultures@jpcert.or.jp
Resource: Third Party Advisory

Hyperlink: https://us.idec.com/media/24-RD-0256-EN-b.pdf
Source: vultures@jpcert.or.jp
Resource: N/A

Similar CVEs

2 Records found

CVE-2024-31799
Matching Score: 4
Assigner: MITRE Corporation
CVSS Score: 4.6 (MEDIUM)
EPSS: 0.03% / 8.54%
7 Day CHG: ~0.00%
Published: 15 Aug, 2024 | 00:00
Updated: 16 Aug, 2024 | 18:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port.

Action: Not Available
Vendor: gncchome, n/a, gncchome
Product: _gncc_c2, gncc_c2_firmware, n/a, gc2
CWE ID: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
CWE ID: CWE-319 (Cleartext Transmission of Sensitive Information)

CVE-2022-0553
Matching Score: 4
Assigner: Zephyr Project
CVSS Score: 6.5 (MEDIUM)
EPSS: 0.02% / 3.72%
7 Day CHG: ~0.00%
Published: 11 Jan, 2023 | 00:00
Updated: 09 Apr, 2025 | 13:52
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Possible to retrieve uncrypted firmware image

There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily.

Action: Not Available
Vendor: Zephyr Project
Product: zephyr, zephyr
CWE ID: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
CWE ID: CWE-319 (Cleartext Transmission of Sensitive Information)