PT-2021-21634 · Idec · Data File Manager+6

Khalid Ansari

Published

2021-12-28

Updated

2022-01-07

CVE-2021-37400

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description An attacker may obtain user credentials from the communication between the Programmable Logic Controller (PLC) and the software. This could allow the PLC user program to be uploaded, altered, and/or downloaded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2021-37400

Affected Products

Data File Manager

Ft1A Smartaxix Lite Firmware

Ft1A Smartaxix Pro Firmware

Microsmart Plus Fc6A Firmware

Microsmart Plus Fc6B Firmware

Windedit

Windldr

PT-2021-21634 · Idec · Data File Manager+6

CVE-2021-37400

Weakness Enumeration

Related Identifiers

Affected Products

References · 7