Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to upload, alter, and/or download the PLC user program. An attacker could also access the PLC web server and hijack the controllers, resulting in the manipulation and/or suspension of the PLC output.
Remediations
- FC6A MICROSmart All-in-One CPU Module: v2.40 and later
- FC6B MICROSmart All-in-One CPU Module: v2.40 and later
- FC6A MICROSmart Plus CPU Module: v2.00 and later
- FC6B MICROSmart Plus CPU Module: v2.40 and later
- FT1A Controller SmartAXIS Pro/Lite: v2.40 and later
- WindLDR: v8.20.0 and later
- WindEDIT Lite: v1.4.0 and later
- Data File Manager: v2.13.0 and later
- Restrict the network appropriately to prevent suspicious connections from untrusted devices
- Restrict the devices that can access PLCs
- Manage ZLD files appropriately
- For more information, refer to the information provided by the developer (document in Japanese).
Affected Vendors
IDEC
Affected Products (9)
- IDEC Data File Manager: <= 2.12.1
- IDEC FC6A MICROSmart All-in-One CPU Module: <= 2.32
- IDEC FC6A MICROSmart Plus CPU Module: <= 1.91
- IDEC FC6B MICROSmart All-in-One CPU Module: <= 2.31
- IDEC FC6B MICROSmart Plus CPU Module: <= 2.31
- IDEC FT1A Controller SmartAXIS Pro/Lite: <= 2.31
- IDEC WindEDIT: <= 1.3.1
- IDEC WindEDIT Lite: <= 1.3.1
- IDEC WindLDR: <= 8.19.1
Affected Sectors
Multiple