Khalid Ansari

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** An attacker may obtain user credentials from the communication between the Programmable Logic Controller (PLC) and the software. This could allow the PLC user program to be uploaded, altered, and/or downloaded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** An attacker may obtain user credentials from file servers, backup repositories, or ZLD files saved in SD cards. This could allow the PLC user program to be uploaded, altered, and/or downloaded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: IDEC FC6A Series MICROSmart All-in-One CPU module versions 2.32 and earlier IDEC FC6A Series MICROSmart Plus CPU module versions 1.91 and earlier IDEC WindLDR versions 8.19.1 and earlier IDEC WindEDIT Lite versions 1.3.1 and earlier IDEC Data File Manager versions 2.12.1 and earlier Description: The issue allows an attacker to obtain the PLC Web server user credentials from the communication between the PLC and the software, resulting in complete access privileges to the PLC Web server. This may lead to manipulation of the PLC output and/or suspension of the PLC. Recommendations: For IDEC FC6A Series MICROSmart All-in-One CPU module versions 2.32 and earlier, update to a version later than 2.32 to resolve the issue. For IDEC FC6A Series MICROSmart Plus CPU module versions 1.91 and earlier, update to a version later than 1.91 to resolve the issue. For IDEC WindLDR versions 8.19.1 and earlier, update to a version later than 8.19.1 to resolve the issue. For IDEC WindEDIT Lite versions 1.3.1 and earlier, update to a version later than 1.3.1 to resolve the issue. For IDEC Data File Manager versions 2.12.1 and earlier, update to a version later than 2.12.1 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: IDEC FC6A Series MICROSmart All-in-One CPU module versions v2.32 and earlier IDEC FC6A Series MICROSmart Plus CPU module versions v1.91 and earlier WindLDR versions v8.19.1 and earlier WindEDIT Lite versions v1.3.1 and earlier Data File Manager versions v2.12.1 and earlier Description: A plaintext storage of a password issue allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. This could enable the attacker to access the PLC Web server, hijack the PLC, and potentially manipulate the PLC output or suspend the PLC. Recommendations: For IDEC FC6A Series MICROSmart All-in-One CPU module versions v2.32 and earlier, update to a version later than v2.32 to resolve the issue. For IDEC FC6A Series MICROSmart Plus CPU module versions v1.91 and earlier, update to a version later than v1.91 to resolve the issue. For WindLDR versions v8.19.1 and earlier, update to a version later than v8.19.1 to resolve the issue. For WindEDIT Lite versions v1.3.1 and earlier, update to a version later than v1.3.1 to resolve the issue. For Data File Manager versions v2.12.1 and earlier, update to a version later than v2.12.1 to resolve the issue.