CVE-2024-41716

Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.
References
Link Resource
https://jvn.jp/en/jp/JVN08342147/ Third Party Advisory
https://us.idec.com/media/24-RD-0219-EN.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:idec:windldr:*:*:*:*:*:*:*:*
cpe:2.3:a:idec:windo\/i-nv4:*:*:*:*:*:*:*:*

History

13 Sep 2024, 19:53

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN08342147/ - () https://jvn.jp/en/jp/JVN08342147/ - Third Party Advisory
References () https://us.idec.com/media/24-RD-0219-EN.pdf - () https://us.idec.com/media/24-RD-0219-EN.pdf - Vendor Advisory
CPE cpe:2.3:a:idec:windo\/i-nv4:*:*:*:*:*:*:*:*
cpe:2.3:a:idec:windldr:*:*:*:*:*:*:*:*
First Time Idec windldr
Idec windo\/i-nv4
Idec
CWE CWE-312
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1

04 Sep 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de almacenamiento de texto plano de información confidencial en WindLDR y WindO/I-NV4. Si se explota esta vulnerabilidad, un atacante que haya obtenido el archivo de proyecto del producto puede obtener las credenciales de usuario del PLC o las interfaces del operador. Como resultado, un atacante puede manipular y/o suspender el PLC y las interfaces del operador accediendo a ellos o secuestrándolos.

04 Sep 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-04 01:15

Updated : 2024-09-13 19:53


NVD link : CVE-2024-41716

Mitre link : CVE-2024-41716

CVE.ORG link : CVE-2024-41716


JSON object : View

Products Affected

idec

  • windo\/i-nv4
  • windldr
CWE
CWE-312

Cleartext Storage of Sensitive Information