CVE-2021-20826

Name of the Vulnerable Software and Affected Versions: IDEC FC6A Series MICROSmart All-in-One CPU module versions 2.32 and earlier IDEC FC6A Series MICROSmart Plus CPU module versions 1.91 and earlier IDEC WindLDR versions 8.19.1 and earlier IDEC WindEDIT Lite versions 1.3.1 and earlier IDEC Data File Manager versions 2.12.1 and earlier

Description: The issue allows an attacker to obtain the PLC Web server user credentials from the communication between the PLC and the software, resulting in complete access privileges to the PLC Web server. This may lead to manipulation of the PLC output and/or suspension of the PLC.

Recommendations: For IDEC FC6A Series MICROSmart All-in-One CPU module versions 2.32 and earlier, update to a version later than 2.32 to resolve the issue. For IDEC FC6A Series MICROSmart Plus CPU module versions 1.91 and earlier, update to a version later than 1.91 to resolve the issue. For IDEC WindLDR versions 8.19.1 and earlier, update to a version later than 8.19.1 to resolve the issue. For IDEC WindEDIT Lite versions 1.3.1 and earlier, update to a version later than 1.3.1 to resolve the issue. For IDEC Data File Manager versions 2.12.1 and earlier, update to a version later than 2.12.1 to resolve the issue.