ICSA-24-263-02 · Published 2026-02-18 · View on CISA ICS-CERT ↗

IDEC Products (Update A)

CVSS 5.3 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to obtain user authentication information or disrupt communication.

CVE-2024-41927 CVE-2024-28957

Apply the appropriate software update according to the information provided by the developer:
FC6A Series MICROSmart All-in-One CPU module: Ver.2.70 and later
FC6B Series MICROSmart All-in-One CPU module: Ver.2.70 and later
FC6A Series MICROSmart Plus CPU module: Ver.2.50 and later
FC6B Series MICROSmart Plus CPU module: Ver.2.70 and later
FT1A Series SmartAXIS Pro/Lite: Ver.2.50 and later
For more information, reference the IDEC Corporation advisory:
Vulnerabilities regarding plaintext transmission of sensitive information and predictable ID usage(https://us.idec.com/media/24-RD-0256-EN-b.pdf)
SX8R Bus Coupler Module: Ver.2.2.0 and later

IDEC Corporation

IDEC Corporation · FC6A Series MICROSmart All-in-One CPU module <=Ver.2.60

IDEC Corporation · FC6B Series MICROSmart All-in-One CPU module <=Ver.2.60

IDEC Corporation · FC6A Series MICROSmart Plus CPU module <=Ver.2.40

IDEC Corporation · FC6B Series MICROSmart Plus CPU module <=Ver.2.60

IDEC Corporation · FT1A Series SmartAXIS Pro/Lite <=Ver.2.41

IDEC Corporation · SX8R Bus Coupler Module <=Ver.2.1.0

Critical Manufacturing, Energy, Food and Agriculture, Transportation Systems

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.