A cleartext transmission vulnerability in IDEC Corporation industrial control system (ICS) products allows attackers with physical access to obtain user authentication information. The vulnerability affects multiple CPU module series used in programmable logic controllers (PLCs) and related industrial automation equipment. CISA published the initial advisory on September 19, 2024, with subsequent updates [truncated]
IDEC Corporation WindLDR and WindO/I-NV4 contain a cleartext storage vulnerability that could allow an attacker to obtain user authentication information. The vulnerability affects WindLDR versions 9.1.0 and earlier, and WindO/I-NV4 versions 3.0.1 and earlier. CISA published advisory ICSA-24-263-03 on September 19, 2024, identifying this as a cleartext vulnerability with network attack vector, high attack [truncated]
