SB2022010709 - Multiple vulnerabilities in IDEC PLCs

Published: January 7, 2022

Security Bulletin ID: SB2022010709
Severity: Low
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Adjacent network
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Unprotected Transport of Credentials (CVE-ID: CVE-2021-37400)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to password leakage. A remote attacker on the local network can obtain the user credentials from the communication between the PLC and the software.


2) Unprotected storage of credentials (CVE-ID: CVE-2021-37401)

The vulnerability allows a remote attacker to gain access to other users' credentials.

The vulnerability exists because the application stores credentials in plain text in a configuration file on the system. A remote attacker on the local network can view the contents of the configuration file and gain access to passwords used for third-party integration.


3) Unprotected Transport of Credentials (CVE-ID: CVE-2021-20826)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to password leakage. A remote attacker on the local network can obtain the PLC web server user credentials from the communication between the PLC and the software.


4) Unprotected storage of credentials (CVE-ID: CVE-2021-20827)

The vulnerability allows a remote attacker to gain access to other users' credentials.

The vulnerability exists because the application stores credentials in plain text in a configuration file on the system. A remote attacker on the local network can obtain the PLC web server user credentials from file servers, backup repositories, or ZLD files saved on SD cards.
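Items 2 and 4 above are both instances of the same weakness class: credentials kept in plain text inside a configuration file that is then copied to file servers, backups, or removable media. The added example below is not IDEC's code and does not reflect the real file format of the affected products; it uses a generic INI-style configuration (constructed here) to show the weak setting beside the corrected one. It demonstrates the standard mitigation for stored credentials, keeping only a salted PBKDF2 hash and verifying it in constant time, plus a small audit helper a defender can run over exported configuration or backup files to flag credential-looking keys that still hold a raw value. Hashing at rest does not address items 1 and 3, which concern the transport channel and need encryption in transit. The key names, iteration count and record layout are assumptions of this example.

```python
import base64
import configparser
import hashlib
import hmac
import os

# Assumed parameters for this example (not vendor values).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
RECORD_PREFIX = "pbkdf2_sha256$"
# Key names that usually carry a credential in a configuration file.
SECRET_KEY_HINTS = ("password", "passwd", "pwd", "secret", "token")


def make_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Derive a storable record 'pbkdf2_sha256$iterations$salt$hash'.

    Only this record is written to disk; the password itself never is.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return RECORD_PREFIX + "{}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify(password: str, record: str) -> bool:
    """Check a submitted password against a stored record without revealing timing."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] + "$" != RECORD_PREFIX:
        return False
    _, iterations, salt_b64, hash_b64 = parts
    try:
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
        actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, TypeError):
        return False
    # compare_digest prevents leaking where the two digests first differ.
    return hmac.compare_digest(actual, expected)


def find_plaintext_secrets(config_text: str) -> list:
    """Audit helper: return (section, key) pairs whose key looks like a credential
    but whose value is not a hashed record.  Run this over exported configs/backups."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            looks_secret = any(hint in key.lower() for hint in SECRET_KEY_HINTS)
            if looks_secret and not value.startswith(RECORD_PREFIX):
                findings.append((section, key))
    return findings


# Constructed sample: the weak form, as the bulletin describes (plain-text password).
WEAK_CONFIG = """[webserver]
user = operator
password = Summer2021!
"""


def hardened_config_for(user: str, password: str) -> str:
    """Constructed sample of the corrected form: same layout, hashed record instead."""
    return "[webserver]\nuser = {}\npassword = {}\n".format(user, make_record(password))


if __name__ == "__main__":
    print("weak config findings:", find_plaintext_secrets(WEAK_CONFIG))
    hardened = hardened_config_for("operator", "Summer2021!")
    print("hardened config findings:", find_plaintext_secrets(hardened))
    record = hardened.split("password = ", 1)[1].strip()
    print("correct password accepted:", verify("Summer2021!", record))
    print("wrong password rejected:", not verify("Winter2021!", record))
```

Running the script shows the audit helper flagging the plain-text `password` key in the weak configuration and reporting nothing for the hardened one, while the stored record still lets the application authenticate the real password and reject a wrong one. A leaked copy of the hardened file exposes only the salted hash, so the passive-copy scenario described in items 2 and 4 no longer yields a usable credential.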


Remediation

Install the update from the vendor's website.