jvndb-2021-006117
Vulnerability from jvndb
Published
2021-12-27 16:54
Modified
2022-01-11 16:36
Severity ?
Summary
Multiple vulnerabilities in IDEC PLCs
Details
Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below.
* Unprotected transport of credentials (CWE-523) - CVE-2021-37400
* Plaintext storage of a password (CWE-256) - CVE-2021-37401
* Unprotected transport of credentials (CWE-523) - CVE-2021-20826
* Plaintext storage of a password (CWE-256) - CVE-2021-20827
Khalid Ansari of FM Approvals reported these vulnerabilities to IDEC Corporation, and IDEC Corporation reported
the case to JPCERT/CC and coordinated in order to notify users of the solutions through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU92279973/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37400 | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37401 | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20826 | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20827 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20826 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20827 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-37400 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-37401 | |
| ICS-CERT ADVISORY | https://www.cisa.gov/uscert/ics/advisories/icsa-22-006-03 | |
| Unprotected Storage of Credentials(CWE-256) | https://cwe.mitre.org/data/definitions/256.html | |
| Unprotected Transport of Credentials(CWE-523) | https://cwe.mitre.org/data/definitions/523.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-006117.html",
"dc:date": "2022-01-11T16:36+09:00",
"dcterms:issued": "2021-12-27T16:54+09:00",
"dcterms:modified": "2022-01-11T16:36+09:00",
"description": "Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below.\r\n\r\n* Unprotected transport of credentials (CWE-523) - CVE-2021-37400\r\n* Plaintext storage of a password (CWE-256) - CVE-2021-37401\r\n* Unprotected transport of credentials (CWE-523) - CVE-2021-20826\r\n* Plaintext storage of a password (CWE-256) - CVE-2021-20827\r\n\r\nKhalid Ansari of FM Approvals reported these vulnerabilities to IDEC Corporation, and IDEC Corporation reported\r\nthe case to JPCERT/CC and coordinated in order to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-006117.html",
"sec:cpe": [
{
"#text": "cpe:/a:idec:data_file_manager",
"@product": "Data File Manager",
"@vendor": "IDEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:idec:windedit",
"@product": "WindEDIT Lite",
"@vendor": "IDEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:idec:windldr",
"@product": "WindLDR",
"@vendor": "IDEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:idec:ft1a_smartaxix_pro_firmware",
"@product": "FT1A Controller SmartAXIS Pro/Lite",
"@vendor": "IDEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:idec:microsmart_fc6a_firmware",
"@product": "FC6A MICROSmart All-in-One CPU Module",
"@vendor": "IDEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:idec:microsmart_fc6b_firmware",
"@product": "FC6B MICROSmart All-in-One CPU Module",
"@vendor": "IDEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:idec:microsmart_plus_fc6a_firmware",
"@product": "FC6A MICROSmart Plus CPU Module",
"@vendor": "IDEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:idec:microsmart_plus_fc6b_firmware",
"@product": "FC6B MICROSmart Plus CPU Module",
"@vendor": "IDEC Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.6",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-006117",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU92279973/index.html",
"@id": "JVNVU#92279973",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37400",
"@id": "CVE-2021-37400",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37401",
"@id": "CVE-2021-37401",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20826",
"@id": "CVE-2021-20826",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20827",
"@id": "CVE-2021-20827",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20826",
"@id": "CVE-2021-20826",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20827",
"@id": "CVE-2021-20827",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-37400",
"@id": "CVE-2021-37400",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-37401",
"@id": "CVE-2021-37401",
"@source": "NVD"
},
{
"#text": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-006-03",
"@id": "ICSA-22-006-03",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://cwe.mitre.org/data/definitions/256.html",
"@id": "CWE-256",
"@title": "Unprotected Storage of Credentials(CWE-256)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/523.html",
"@id": "CWE-523",
"@title": "Unprotected Transport of Credentials(CWE-523)"
}
],
"title": "Multiple vulnerabilities in IDEC PLCs"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.