IDEC PLCs, which are crucial for automation across industries like food and agriculture, critical manufacturing, energy, and transportation, are affected by two significant vulnerabilities. These flaws, identified in the FC6A, FC6B, and FT1A series of PLCs, could allow remote attackers to exploit system weaknesses. The first vulnerability involves cleartext transmission of sensitive information, which could expose user authentication details to unauthorized parties. The second vulnerability stems from the generation of predictable identifiers, which may lead to disruptions in communication between devices. Both vulnerabilities pose a risk to the integrity and operation of industrial control systems globally, with potential consequences including malfunction or denial-of-service (DoS) attacks.
The vulnerabilities, CVE-2024-41927 and CVE-2024-28957, have been assigned CVSS base scores of 4.6 and 5.3, respectively, indicating a moderate level of risk. Exploiting the first flaw, which involves transmitting sensitive data in cleartext, could allow attackers to intercept and obtain authentication information. The second vulnerability, caused by predictable identifiers, might enable attackers to disrupt communication between control system devices. Although no public exploitation of these vulnerabilities has been reported yet, the flaws still represent a potential security threat to systems relying on these outdated PLC models.
To address these vulnerabilities, IDEC Corporation has recommended that users update their firmware to the latest versions. Affected products, including the FC6A and FC6B Series MICROSmart modules, as well as the FT1A Series SmartAXIS Pro/Lite, must be upgraded to newer firmware versions that correct the flaws. The latest firmware releases include versions 2.70 for the FC6A and FC6B Series and version 2.50 for the FT1A Series. By applying these updates, users can mitigate the risk of exploitation and enhance the overall security of their PLC systems.
Additionally, CISA (Cybersecurity and Infrastructure Security Agency) advises users to implement best practices for network security to minimize the risk of these vulnerabilities being exploited. Recommendations include limiting network exposure for control systems, using secure remote access methods like Virtual Private Networks (VPNs), and ensuring that control system devices are not accessible from the internet. CISA also emphasizes the importance of conducting thorough risk assessments and impact analyses before implementing any defensive measures. By following these guidelines, organizations can proactively defend against potential cyber threats targeting their industrial control systems.
Reference:
