CVE-2024-41716

Published: Sep 4, 2024

Modified: Mar 13, 2025

PUBLISHED

Description

Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.

Vendor	Product	Versions
IDEC Corporation	WindLDR	affected `Ver.9.1.0 and earlier`
IDEC Corporation	WindO/I-NV4	affected `Ver.3.0.1`

References

https://us.idec.com/media/24-RD-0219-EN.pdf

https://jvn.jp/en/jp/JVN08342147/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-41716

Description

Affected Products

References