IDEC CORPORATION WindLDR and WindO/I-NV4

1. EXECUTIVE SUMMARY

  • CVSS v3 5.9
  • ATTENTION: Exploitable remotely
  • Vendor: IDEC Corporation
  • Equipment: WindLDR, WindO/I-NV4
  • Vulnerability: Cleartext Storage of Sensitive Information

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of WindLDR and WindO/I-NV4 are affected:

  • WindLDR: Ver.9.1.0 and prior
  • WindO/I-NV4: Ver.3.0.1 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312

The affected products store sensitive information in cleartext, which could allow an attacker to obtain user authentication information.

CVE-2024-41716 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Food and Agriculture, Critical Manufacturing, Energy, Transportation
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Japan

3.4 RESEARCHER

Yuki Meguro of Toinx Co., Ltd. reported this vulnerability to IPA.

4. MITIGATIONS

Apply the appropriate software update according to the information provided by the developer:

  • WindLDR: Ver.9.2.0
  • WindO/I-NV4: Ver.3.1.0

For more information, reference the IDEC Corporation advisory:
