Published:2024/08/30  Last Updated:2024/08/30

JVNVU#96959731
Multiple vulnerabilities in IDEC PLCs

Overview

IDEC PLCs (Programmable Logic Controllers) contain multiple vulnerabilities.

Products Affected

CVE-2024-41927

  • FC6A Series MICROSmart All-in-One CPU module Ver.2.60 and earlier
  • FC6B Series MICROSmart All-in-One CPU module Ver.2.60 and earlier
  • FC6A Series MICROSmart Plus CPU module Ver.2.40 and earlier
  • FC6B Series MICROSmart Plus CPU module Ver.2.60 and earlier
  • FT1A Series SmartAXIS Pro/Lite Ver.2.41 and earlier
CVE-2024-28957
  • FC6A Series MICROSmart All-in-One CPU module Ver.2.60 and earlier
  • FC6B Series MICROSmart All-in-One CPU module Ver.2.60 and earlier
  • FC6A Series MICROSmart Plus CPU module Ver.2.40 and earlier
  • FC6B Series MICROSmart Plus CPU module Ver.2.60 and earlier

Description

Multiple PLCs provided by IDEC Corporation contain multiple vulnerabilities listed below.

  • Cleartext transmission of sensitive information(CWE-319
    • CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 4.6
    • CVE-2024-41927
  • Generation of predictable identifiers(CWE-340
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score 5.3
    • CVE-2024-28957
    • This vulnerability comes from Cente middleware used in the PLCs

Impact

  • If an attacker sends a specific command to PLC's serial communication port, the user's authentication information may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be operated unexpectedly (CVE-2024-41927)
  • An unauthenticated attacker may interfere communications by predicting some packet header IDs of the PLCs (CVE-2024-28957)

Solution

Update the System Software
Update the System Software to the latest version according to the information provided by the developer.
The developer has released the following versions that address the vulnerabilities.

  • FC6A Series MICROSmart All-in-One CPU module Ver.2.70
  • FC6B Series MICROSmart All-in-One CPU module Ver.2.70
  • FC6A Series MICROSmart Plus CPU module Ver.2.50
  • FC6B Series MICROSmart Plus CPU module Ver.2.70
  • FT1A Series SmartAXIS Pro/Lite Ver.2.50

Vendor Status

Vendor Link
IDEC Corporation Vulnerabilities in PLC regarding plaintext transmission of sensitive information and predictable ID usage (PDF)

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

IDEC Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2024-41927
JVN iPedia