Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN08342147/ | Third Party Advisory |
https://us.idec.com/media/24-RD-0219-EN.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Sep 2024, 19:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://jvn.jp/en/jp/JVN08342147/ - Third Party Advisory | |
References | () https://us.idec.com/media/24-RD-0219-EN.pdf - Vendor Advisory | |
CPE | cpe:2.3:a:idec:windo\/i-nv4:*:*:*:*:*:*:*:* cpe:2.3:a:idec:windldr:*:*:*:*:*:*:*:* |
|
First Time |
Idec windldr
Idec windo\/i-nv4 Idec |
|
CWE | CWE-312 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
04 Sep 2024, 13:05
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
04 Sep 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-04 01:15
Updated : 2024-09-13 19:53
NVD link : CVE-2024-41716
Mitre link : CVE-2024-41716
CVE.ORG link : CVE-2024-41716
JSON object : View
Products Affected
idec
- windo\/i-nv4
- windldr
CWE
CWE-312
Cleartext Storage of Sensitive Information