Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.1 | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Secondary | 3.1 | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Hyperlink | Source | Resource |
|---|---|---|
| https://jvn.jp/en/vu/JVNVU96959731/ | vultures@jpcert.or.jp | Third Party Advisory |
| https://us.idec.com/media/24-RD-0256-EN-b.pdf | vultures@jpcert.or.jp | N/A |