IDEC CORPORATION WindLDR and WindO/I-NV4

Monitor5.9ICS-CERT ICSA-24-263-03Sep 19, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

WindLDR (≤v9.1.0) and WindO/I-NV4 (≤v3.0.1) store sensitive information in cleartext. An attacker with network access to these engineering workstations could read configuration files, credentials, and project data without authentication. IDEC has released updates: WindLDR v9.2.0 and WindO/I-NV4 v3.1.0.

What this means

What could happen

An attacker could access sensitive configuration, project files, and stored credentials from engineering workstations running these tools, potentially enabling them to modify PLC programs, understand system topology, or impersonate authorized users. The risk is elevated if credentials for field devices are stored in these files.

Who's at risk

Engineering teams using IDEC WindLDR or WindO/I-NV4 software on workstations. This affects any organization operating IDEC-controlled equipment (PLCs, HMIs) where these tools are used for programming, configuration, or project management. Risk is highest if credentials for field devices or production settings are stored in project files.

How it could be exploited

An attacker with network access to an engineering workstation running vulnerable WindLDR or WindO/I-NV4 versions can directly read cleartext sensitive information from configuration or project files. This does not require authentication or user interaction, only the ability to reach the workstation over the network.

Prerequisites

Network access (direct or lateral movement) to port or service used by WindLDR or WindO/I-NV4 on the engineering workstation
No credentials required; cleartext storage means files are readable if the attacker can access the file system or application data store

No authentication requiredLow complexity (high attack complexity noted but cleartext storage is inherently simple to exploit)Credentials and configuration data at riskEngineering workstations are often on shared networks with less oversight than production systems

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

WindLDR: <=Ver.9.1.0≤ Ver.9.1.09.2.0

WindO/I-NV4: <=Ver.3.0.1≤ Ver.3.0.13.1.0

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGIsolate engineering workstations from the business network using a firewall and restrict access to authorized users only

HARDENINGImplement network segmentation to prevent direct access to engineering workstations from other networked areas

HARDENINGUse a VPN for any remote access to engineering workstations and keep VPN software patched

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WindLDR to version 9.2.0 or later

HOTFIXUpdate WindO/I-NV4 to version 3.1.0 or later

CVEs (1)

CVE-2024-41716

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/38700076-4c1d-4d1a-be1e-731665dbc816