Deneut Tijl

**Name of the Vulnerable Software and Affected Versions** Phoenix Contact ILC PLCs (affected versions not specified) **Description** The issue concerns the storage and transfer of passwords in clear text due to the configuration of the password macro in Webvisit. This macro is intended to protect HMI pages on the PLC against unauthorized access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Modicon M241 versions prior to 4.0.5.11 Modicon M251 versions prior to 4.0.5.11 **Description** A Use of Insufficiently Random Values issue was discovered, where the session numbers generated by the web application lack randomization and are shared between several users. This may allow a current session to be compromised. **Recommendations** For Modicon M241 versions prior to 4.0.5.11, update to version 4.0.5.11 or later to resolve the issue. For Modicon M251 versions prior to 4.0.5.11, update to version 4.0.5.11 or later to resolve the issue.