Vulnerability Details CVE-2021-37401
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://jvn.jp/en/vu/JVNVU92279973/
- https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A
- https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer
- https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf
- https://jvn.jp/en/vu/JVNVU92279973/
- https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A
- https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer
- https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf
Products affected by CVE-2021-37401
-
cpe:2.3:a:idec:data_file_manager:*
-
cpe:2.3:a:idec:windedit:*
-
cpe:2.3:a:idec:windldr:*
-
cpe:2.3:h:idec:ft1a_smartaxix_lite:-
-
cpe:2.3:h:idec:ft1a_smartaxix_pro:-
-
cpe:2.3:h:idec:microsmart_fc6a:-
-
cpe:2.3:h:idec:microsmart_fc6b:-
-
cpe:2.3:h:idec:microsmart_plus_fc6a:-
-
cpe:2.3:h:idec:microsmart_plus_fc6b:-
-
cpe:2.3:o:idec:ft1a_smartaxix_lite_firmware:*
-
cpe:2.3:o:idec:ft1a_smartaxix_pro_firmware:*
-
cpe:2.3:o:idec:microsmart_fc6a_firmware:-
-
cpe:2.3:o:idec:microsmart_fc6a_firmware:2.32
-
cpe:2.3:o:idec:microsmart_fc6b_firmware:-
-
cpe:2.3:o:idec:microsmart_fc6b_firmware:2.31
-
cpe:2.3:o:idec:microsmart_plus_fc6a_firmware:-
-
cpe:2.3:o:idec:microsmart_plus_fc6a_firmware:1.91
-
cpe:2.3:o:idec:microsmart_plus_fc6b_firmware:-
-
cpe:2.3:o:idec:microsmart_plus_fc6b_firmware:2.31