Vulnerability Description
A plaintext password storage vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved on SD cards. As a result, the attacker may access the PLC Web server and hijack the PLC, manipulating the PLC output and/or suspending the PLC.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Idec | Microsmart Fc6A Firmware | <= 2.32 |
| Idec | Microsmart Fc6A | - |
| Idec | Microsmart Plus Fc6A Firmware | <= 1.91 |
| Idec | Microsmart Plus Fc6A | - |
| Idec | Data File Manager | <= 2.12.1 |
| Idec | Windedit | <= 1.3.1 |
| Idec | Windldr | <= 8.19.1 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU92279973/index.html (Third Party Advisory)
- https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf (Vendor Advisory)
FAQ
What is CVE-2021-20827?
CVE-2021-20827 is a vulnerability with a CVSS score of 7.5 (HIGH). Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 an...
How severe is CVE-2021-20827?
CVE-2021-20827 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-20827?
Check the references section above for vendor advisories and patch information. Affected products include: Idec Microsmart Fc6A Firmware, Idec Microsmart Fc6A, Idec Microsmart Plus Fc6A Firmware, Idec Microsmart Plus Fc6A, Idec Data File Manager.