PT-2021-14272 · IDEC · IDEC FC6A Series MICROSmart All-in-One CPU Module

Khalid Ansari · Published 2021-12-24 · Updated 2022-01-11 · CVE-2021-20827

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:
- IDEC FC6A Series MICROSmart All-in-One CPU module versions v2.32 and earlier
- IDEC FC6A Series MICROSmart Plus CPU module versions v1.91 and earlier
- WindLDR versions v8.19.1 and earlier
- WindEDIT Lite versions v1.3.1 and earlier
- Data File Manager versions v2.12.1 and earlier

Description: A plaintext password storage issue allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved on SD cards. With those credentials the attacker could access the PLC Web server, hijack the PLC, and potentially manipulate the PLC output or suspend the PLC.

Recommendations:
- IDEC FC6A Series MICROSmart All-in-One CPU module versions v2.32 and earlier: update to a version later than v2.32.
- IDEC FC6A Series MICROSmart Plus CPU module versions v1.91 and earlier: update to a version later than v1.91.
- WindLDR versions v8.19.1 and earlier: update to a version later than v8.19.1.
- WindEDIT Lite versions v1.3.1 and earlier: update to a version later than v1.3.1.
- Data File Manager versions v2.12.1 and earlier: update to a version later than v2.12.1.

Fix

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2021-20827

Affected Products

IDEC FC6A Series MICROSmart All-in-One CPU Module
IDEC FC6A Series MICROSmart Plus CPU Module