CVE-2021-37400
CRITICALIDEC Data File Manager - Insufficiently Protected Credentials
Title source: llmDescription
An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://us.idec.com/idec-us/en/USD/Programmable-Logic-Controller/Micro-PLC/FC6A-MicroSmart/c/MicroSmart_FC6A
Vendor Advisory x_refsource_misc
https://us.idec.com/idec-us/en/USD/Software-Downloads-Automation-Organizer
Vendor Advisory x_refsource_misc
https://www.idec.com/home/lp/pdf/2021-12-24-PLC.pdf
Third Party Advisory x_refsource_misc
https://jvn.jp/en/vu/JVNVU92279973/
Scores
CVSS v3
9.8
EPSS
0.0134
EPSS Percentile
67.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (9)
idec/data_file_manager
< 2.12.1
idec/ft1a_smartaxix_lite_firmware
< 2.31
idec/ft1a_smartaxix_pro_firmware
< 2.31
idec/microsmart_fc6a_firmware
< 2.32
idec/microsmart_fc6b_firmware
< 2.31
idec/microsmart_plus_fc6a_firmware
< 1.91
idec/microsmart_plus_fc6b_firmware
< 2.31
idec/windedit
< 1.3.1
idec/windldr
< 8.19.1
Published
Dec 28, 2021
Tracked Since
Feb 18, 2026