CVE-2024-41927

CVE-2024-41927

Vendor Idec Corporation
Product FC6A Series MICROSmart All-in-One CPU module
Weakness CWE-319 · Cleartext transmission
Published September 4, 2024
Last update July 2, 2025

CVSS base score

What the vulnerability does

01Description

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.

Key dates

02Disclosure timeline

September 4, 2024 CVE published
July 2, 2025 Record updated