1. Home
  2. CVE Database
  3. CVE-2024-41927
MEDIUM · 4.6

CVE-2024-41927

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained...

Vulnerability Description

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
IdecKit-Fc6A-24-Kc Firmware<= 2.60
IdecKit-Fc6A-24-Kc-
IdecKit-Fc6A-24-Pc Firmware<= 2.60
IdecKit-Fc6A-24-Pc-
IdecKit-Fc6A-24-Ra Firmware<= 2.60
IdecKit-Fc6A-24-Ra-
IdecKit-Fc6A-24-Ra-Hg1G Firmware<= 2.60
IdecKit-Fc6A-24-Ra-Hg1G-
IdecKit-Fc6A-24-Ra-Hg2G-5Tn Firmware<= 2.60
IdecKit-Fc6A-24-Ra-Hg2G-5Tn-
IdecKit-Fc6A-24-Ra-Hg2G-5Tt Firmware<= 2.60
IdecKit-Fc6A-24-Ra-Hg2G-5Tt-
IdecKit-Fc6A-24-Rc-Hg1G Firmware<= 2.60
IdecKit-Fc6A-24-Rc-Hg1G-
IdecKit-Fc6A-24-Rc Firmware<= 2.60
IdecKit-Fc6A-24-Rc-
IdecKit-Fc6A-24-Rc-Hg2G-5Tn Firmware<= 2.60
IdecKit-Fc6A-24-Rc-Hg2G-5Tn-
IdecKit-Fc6A-24-Rc-Hg2G-5Tt Firmware<= 2.60
IdecKit-Fc6A-24-Rc-Hg2G-5Tt-

Related Weaknesses (CWE)

CWE-319

References

FAQ

What is CVE-2024-41927?

CVE-2024-41927 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained...

How severe is CVE-2024-41927?

CVE-2024-41927 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-41927?

Check the references section above for vendor advisories and patch information. Affected products include: Idec Kit-Fc6A-24-Kc Firmware, Idec Kit-Fc6A-24-Kc, Idec Kit-Fc6A-24-Pc Firmware, Idec Kit-Fc6A-24-Pc, Idec Kit-Fc6A-24-Ra Firmware.