Login
Start Free Trial
Research Center
CVE-2021-37400 Research Center

CVE-2021-37400

An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.

  • 9.8 critical severity

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

  • 28/12/2021

Products 3

Da

Data File Manager

by Idec

1 Version

a year ago

Wi

Windedit

by Idec

1 Version

a year ago

Wi

Windldr

by Idec

1 Version

a year ago

Operating Systems 6

Mi

Microsmart Plus FC6B Firmware

by Idec

2 Versions

a year ago

Mi

Microsmart Plus FC6A Firmware

by Idec

2 Versions

a year ago

Mi

Microsmart FC6B Firmware

by Idec

2 Versions

a year ago

Mi

Microsmart FC6A Firmware

by Idec

2 Versions

a year ago

FT

FT1A Smartaxix Pro Firmware

by Idec

1 Version

a year ago

FT

FT1A Smartaxix Lite Firmware

by Idec

1 Version

a year ago

Vulnerability Categories 1

Insufficiently Protected Credentials

xTags 7

#easy_to_exploit
#critical_vulnerability
#known_vulnerability
#confidentiality_impact_if_exploited
#integrity_impact_if_exploited
#availability_impact_if_exploited
#new_vulnerability_published

Advisory Links 4

https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf
https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer
https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A
https://jvn.jp/en/vu/JVNVU92279973/
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By Paul Lighter
Jan 11, 2023

When the Target is Also the Threat

A software failure grounded thousands of flights today, raising a complicated question - how do you secure an unstable system? The answer has never been more urgent.
By Paul Lighter
Jan 06, 2023

The Uncomfortable Implications of the LastPass Attack

The recent attack on LastPass has people questioning if they can trust password managers. But there's a bigger issue lurking underneath - can you trust ANY security vendor?
By Paul Lighter
Nov 30, 2022

Online Casino Heist Shreds Confidence in Cybersecurity

Hackers recently swiped $300,000 from DraftKings accounts - and it was almost effortless. This attack will likely be forgotten by history. But it should be a wake-up call instead.
By Mohammad Hussam Alzeyyat
Nov 29, 2022

Ethernaut CTF - Vault Challenge

Here we are with the Vault challenge from Ethernaut CTF. We are going to be introduced to the NON Privacy on-chain and how we should not store secrets and critical information into variables even if we set the type of those variables as private. We will see how we can extract the values of those private variables.
By Mohammad Hussam Alzeyyat
Nov 18, 2022

DownUnderCTF 2022 Blockchain - Crypto Casino

In this blog, we are going to hack the casino contract of the DownUnderCTF 2022 challenges. There is a PRNG function that we are going to exploit it using a python script. Don't forget Hackers Gonna Hack!
last_chanse_04.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 14-day trial
Get a Demo
Start Free Trial!