A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.