1. EXECUTIVE SUMMARY
- CVSS v3 5.9
- ATTENTION: Exploitable remotely
- Vendor: IDEC Corporation
- Equipment: WindLDR, WindO/I-NV4
- Vulnerability: Cleartext Storage of Sensitive Information
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of WindLDR and WindO/I-NV4 are affected:
- WindLDR: Ver.9.1.0 and prior
- WindO/I-NV4: Ver.3.0.1 and prior
3.2 Vulnerability Overview
3.2.1 CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312
The affected products are vulnerable to a cleartext vulnerability that could allow an attacker to obtain user authentication information.
CVE-2024-41716 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Food and Agriculture, Critical Manufacturing, Energy, Transportation
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Japan
3.4 RESEARCHER
Yuki Meguro of Toinx Co., Ltd. reported this vulnerability to IPA.
4. MITIGATIONS
Apply the appropriate software update according to the information provided by the developer:
- WindLDR: Ver.9.2.0
- WindO/I-NV4: Ver.3.1.0
For more information, reference the IDEC Corporation advisory: