Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions 26 and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions 11 and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
R08sfcpu_firmware | Mitsubishielectric | * | * |