exploitDog

CVE-2024-41716

Опубликовано: 04 сент. 2024

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.

Ссылки

https://jvn.jp/en/jp/JVN08342147/
Third Party Advisory
https://us.idec.com/media/24-RD-0219-EN.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:idec:windldr:*:*:*:*:*:*:*:*

Версия до 9.2.0 (исключая)

cpe:2.3:a:idec:windo\/i-nv4:*:*:*:*:*:*:*:*

Версия до 3.1.0 (исключая)

EPSS

Процентиль: 63%

0.00455

Низкий

8.1 High

CVSS3

Дефекты

CWE-312

CWE-312

Связанные уязвимости

GHSA-pq2c-46q4-qwg3

CVSS3: 8.1

github

больше 1 года назад

Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.

EPSS

Процентиль: 63%

0.00455

Низкий

8.1 High

CVSS3

Дефекты

CWE-312

CWE-312