SB2022010709 - Multiple vulnerabilities in IDEC PLCs
Published: January 7, 2022
Description
This security bulletin contains information about 4 vulnerabilities.
1) Unprotected Transport of Credentials (CVE-ID: CVE-2021-37400)
CWE-ID: CWE-523 - Unprotected Transport of Credentials
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to password leakage. A remote attacker on the local network can obtain the user credentials from the communication between the PLC and the software.
2) Unprotected Storage of Credentials (CVE-ID: CVE-2021-37401)
CWE-ID: CWE-256 - Unprotected Storage of Credentials
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to other users' credentials.
The vulnerability exists because the application stores credentials in plain text in a configuration file on the system. A remote attacker on the local network can view the contents of the configuration file and gain access to passwords for third-party integration.
3) Unprotected Transport of Credentials (CVE-ID: CVE-2021-20826)
CWE-ID: CWE-523 - Unprotected Transport of Credentials
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to password leakage. A remote attacker on the local network can obtain the PLC web server user credentials from the communication between the PLC and the software.
4) Unprotected Storage of Credentials (CVE-ID: CVE-2021-20827)
CWE-ID: CWE-256 - Unprotected Storage of Credentials
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to other users' credentials.
The vulnerability exists because the application stores credentials in plain text in a configuration file on the system. A remote attacker on the local network can obtain the PLC web server user credentials from file servers, backup repositories, or ZLD files saved on SD cards.
Remediation
Install the update from the vendor's website.