![]() 3.2.3 UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523Īn attacker may obtain the PLC web server user credentials from the communication between the PLC and the software. A CVSS v3 base score of 7.6 has been calculated the CVSS vector string is ( AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L). As a result, the PLC user program may be uploaded, altered, and/or downloaded.ĬVE-2021-37401 has been assigned to this vulnerability. 3.2.2 PLAINTEXT STORAGE OF A PASSWORD CWE-256Īn attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.ĬVE-2021-37400 has been assigned to this vulnerability. FT1A Controller SmartAXIS Pro/Lite: v2.31 and earlierģ.2 VULNERABILITY OVERVIEW 3.2.1 UNPROTECTED TRANSPORT OF CREDENTIALS CWE-523Īn attacker may obtain the user credentials from the communication between the PLC and the software.FC6B MICROSmart Plus CPU Module: v2.31 and earlier.FC6A MICROSmart Plus CPU Module: v1.91 and earlier. ![]() FC6B MICROSmart All-in-One CPU Module: v2.31 and earlier. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |