CVE-2024-41927
Published: Sep 4, 2024
Modified: Jul 2, 2025
Description
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
| Vendor | Product | Versions |
|---|---|---|
IDEC Corporation | FC6A Series MICROSmart All-in-One CPU module | affected Ver.2.60 and earlier |
IDEC Corporation | FC6B Series MICROSmart All-in-One CPU module | affected Ver.2.60 and earlier |
IDEC Corporation | FC6A Series MICROSmart Plus CPU module | affected Ver.2.40 and earlier |
IDEC Corporation | FC6B Series MICROSmart Plus CPU module | affected Ver.2.60 and earlier |
IDEC Corporation | FT1A Series SmartAXIS Pro/Lite | affected Ver.2.41 and earlier |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now