All the vulnerabilites related to IDEC Corporation - Data File Manager
jvndb-2021-006117
Vulnerability from jvndb
Published
2021-12-27 16:54
Modified
2022-01-11 16:36
Severity ?
Summary
Multiple vulnerabilities in IDEC PLCs
Details
Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below. * Unprotected transport of credentials (CWE-523) - CVE-2021-37400 * Plaintext storage of a password (CWE-256) - CVE-2021-37401 * Unprotected transport of credentials (CWE-523) - CVE-2021-20826 * Plaintext storage of a password (CWE-256) - CVE-2021-20827 Khalid Ansari of FM Approvals reported these vulnerabilities to IDEC Corporation, and IDEC Corporation reported the case to JPCERT/CC and coordinated in order to notify users of the solutions through JVN.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-006117.html",
  "dc:date": "2022-01-11T16:36+09:00",
  "dcterms:issued": "2021-12-27T16:54+09:00",
  "dcterms:modified": "2022-01-11T16:36+09:00",
  "description": "Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below.\r\n\r\n* Unprotected transport of credentials (CWE-523) - CVE-2021-37400\r\n* Plaintext storage of a password (CWE-256) - CVE-2021-37401\r\n* Unprotected transport of credentials (CWE-523) - CVE-2021-20826\r\n* Plaintext storage of a password (CWE-256) - CVE-2021-20827\r\n\r\nKhalid Ansari of FM Approvals reported these vulnerabilities to IDEC Corporation, and IDEC Corporation reported\r\nthe case to JPCERT/CC and coordinated in order to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-006117.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:idec:data_file_manager",
      "@product": "Data File Manager",
      "@vendor": "IDEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:idec:windedit",
      "@product": "WindEDIT Lite",
      "@vendor": "IDEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:idec:windldr",
      "@product": "WindLDR",
      "@vendor": "IDEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:idec:ft1a_smartaxix_pro_firmware",
      "@product": "FT1A Controller SmartAXIS Pro/Lite",
      "@vendor": "IDEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:idec:microsmart_fc6a_firmware",
      "@product": "FC6A MICROSmart All-in-One CPU Module",
      "@vendor": "IDEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:idec:microsmart_fc6b_firmware",
      "@product": "FC6B MICROSmart All-in-One CPU Module",
      "@vendor": "IDEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:idec:microsmart_plus_fc6a_firmware",
      "@product": "FC6A MICROSmart Plus CPU Module",
      "@vendor": "IDEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:idec:microsmart_plus_fc6b_firmware",
      "@product": "FC6B MICROSmart Plus CPU Module",
      "@vendor": "IDEC Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.6",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-006117",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU92279973/index.html",
      "@id": "JVNVU#92279973",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37400",
      "@id": "CVE-2021-37400",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37401",
      "@id": "CVE-2021-37401",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20826",
      "@id": "CVE-2021-20826",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20827",
      "@id": "CVE-2021-20827",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20826",
      "@id": "CVE-2021-20826",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20827",
      "@id": "CVE-2021-20827",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-37400",
      "@id": "CVE-2021-37400",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-37401",
      "@id": "CVE-2021-37401",
      "@source": "NVD"
    },
    {
      "#text": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-006-03",
      "@id": "ICSA-22-006-03",
      "@source": "ICS-CERT ADVISORY"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/256.html",
      "@id": "CWE-256",
      "@title": "Unprotected Storage of Credentials(CWE-256)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/523.html",
      "@id": "CWE-523",
      "@title": "Unprotected Transport of Credentials(CWE-523)"
    }
  ],
  "title": "Multiple vulnerabilities in IDEC PLCs"
}