CVE-2024-41927

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.

Published: 2024-09-03 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2024-41927 is rated Low Risk (20.2/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.15%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2024-41927

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.03% 0.15% +0.13%
2 2025-11-28 0.05% 0.03% -0.03%
3 2025-11-21 0.05%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2024-41927

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.6 3.1 MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:P)
Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
0.9 3.6 [email protected]
4.6 3.1 MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:P)
Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
0.9 3.6 134c704f-9b21-4f2e-91b3-4a467353bcc0

Weakness enumeration for CVE-2024-41927

Affected software / configurations for CVE-2024-41927

Vendor Product Version Raw CPE
idec kit-fc6a-24-kc_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-24-kc_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-24-pc_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-24-pc_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-24-ra_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-24-ra_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-24-ra-hg1g_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-24-ra-hg1g_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-24-ra-hg2g-5tn_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-24-ra-hg2g-5tn_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-24-ra-hg2g-5tt_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-24-ra-hg2g-5tt_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-24-rc-hg1g_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-24-rc-hg1g_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-24-rc_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-24-rc_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-24-rc-hg2g-5tn_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-24-rc-hg2g-5tn_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-24-rc-hg2g-5tt_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-24-rc-hg2g-5tt_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-c24r-hg2g-vhp_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-c24r-hg2g-vhp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-c24r-hg3g-v8hp_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-c24r-hg3g-v8hp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-c24r-hg3g-vahp_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-c24r-hg3g-vahp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-c24r-hg4g-vhp_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-c24r-hg4g-vhp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-c24r-hg5g-vhp_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-c24r-hg5g-vhp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-pc_firmware <= 2.6 cpe:2.3:o:idec:kit-fc6a-16-pc_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-ra_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-ra_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-kc_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-kc_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-ra-hg1g_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-ra-hg1g_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-ra-hg2g-5tn_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-ra-hg2g-5tn_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-ra-hg2g-5tt_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-ra-hg2g-5tt_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-rc_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-rc_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-rc-hg2g-5tn_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-rc-hg2g-5tn_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-rc-hg1g_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-rc-hg1g_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-rc-hg2g-5tt_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-rc-hg2g-5tt_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-kd_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-kd_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-pd_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-pd_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-c16r-hg2g-vhp_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-c16r-hg2g-vhp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-c16r-hg3g-v8hp_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-c16r-hg3g-v8hp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-c16r-hg3g-vahp_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-c16r-hg3g-vahp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-c16r-hg5g-vhp_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-c16r-hg5g-vhp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-16-rd_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-16-rd_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-40-kd_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-40-kd_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-40-pc_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-40-pc_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-40-pd_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-40-pd_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-40-ra_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-40-ra_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-40-rd_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-40-rd_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-40-rc_firmware <= 2.60 cpe:2.3:o:idec:kit-fc6a-40-rc_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-d16p-hg1g_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-d16p-hg1g_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-d16p-hg2g-5tn_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-d16p-hg2g-5tn_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-d16p-hg2g-5tt_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-d16p-hg2g-5tt_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-d16r-hg2g-5tn_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-d16r-hg2g-5tn_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-d16r-hg2g-5tt_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-d16r-hg2g-5tt_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-d16r-hg3g-v8hp_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-d16r-hg3g-v8hp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-d16r-hg3g-vahp_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-d16r-hg3g-vahp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-d16r-hg4g-vhp_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-d16r-hg4g-vhp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-d16r-hg5g-vhp_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-d16r-hg5g-vhp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-d16r-hg1g_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-d16r-hg1g_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-d16r-hg2g-vhp_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-d16r-hg2g-vhp_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-p16-k_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-p16-k_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-p16-r_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-p16-r_firmware:*:*:*:*:*:*:*:*
idec kit-fc6a-p16-s_firmware <= 2.40 cpe:2.3:o:idec:kit-fc6a-p16-s_firmware:*:*:*:*:*:*:*:*
idec ft1a-h12ra_firmware <= 2.41 cpe:2.3:o:idec:ft1a-h12ra_firmware:*:*:*:*:*:*:*:*
idec ft1a-h24ra_firmware <= 2.41 cpe:2.3:o:idec:ft1a-h24ra_firmware:*:*:*:*:*:*:*:*
idec ft1a-h24rc_firmware <= 2.41 cpe:2.3:o:idec:ft1a-h24rc_firmware:*:*:*:*:*:*:*:*
idec ft1a-h12rc_firmware <= 2.41 cpe:2.3:o:idec:ft1a-h12rc_firmware:*:*:*:*:*:*:*:*
idec ft1a-b12ra_firmware <= 2.41 cpe:2.3:o:idec:ft1a-b12ra_firmware:*:*:*:*:*:*:*:*
idec ft1a-b24ra_firmware <= 2.41 cpe:2.3:o:idec:ft1a-b24ra_firmware:*:*:*:*:*:*:*:*
idec kit-smart-12-bac_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-12-bac_firmware:*:*:*:*:*:*:*:*
idec kit-smart-12-hac_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-12-hac_firmware:*:*:*:*:*:*:*:*
idec kit-smart-12-bdc_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-12-bdc_firmware:*:*:*:*:*:*:*:*
idec kit-smart-12-hdc_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-12-hdc_firmware:*:*:*:*:*:*:*:*
idec kit-smart-24-hac_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-24-hac_firmware:*:*:*:*:*:*:*:*
idec kit-smart-24-bac_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-24-bac_firmware:*:*:*:*:*:*:*:*
idec kit-smart-24-bdc_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-24-bdc_firmware:*:*:*:*:*:*:*:*
idec kit-smart-24-hdc_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-24-hdc_firmware:*:*:*:*:*:*:*:*
idec kit-smart-40-bac-r_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-40-bac-r_firmware:*:*:*:*:*:*:*:*
idec kit-smart-40-bdc-rk_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-40-bdc-rk_firmware:*:*:*:*:*:*:*:*
idec kit-smart-40-bdc-rs_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-40-bdc-rs_firmware:*:*:*:*:*:*:*:*
idec kit-smart-40-hac-r_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-40-hac-r_firmware:*:*:*:*:*:*:*:*
idec kit-smart-40-hdc-rk_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-40-hdc-rk_firmware:*:*:*:*:*:*:*:*
idec kit-smart-48-bac-k_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-48-bac-k_firmware:*:*:*:*:*:*:*:*
idec kit-smart-40-hdc-rs_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-40-hdc-rs_firmware:*:*:*:*:*:*:*:*
idec kit-smart-48-bac-s_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-48-bac-s_firmware:*:*:*:*:*:*:*:*
idec kit-smart-48-bdc-k_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-48-bdc-k_firmware:*:*:*:*:*:*:*:*
idec kit-smart-48-hac-k_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-48-hac-k_firmware:*:*:*:*:*:*:*:*
idec kit-smart-48-hac-s_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-48-hac-s_firmware:*:*:*:*:*:*:*:*
idec kit-smart-48-hdc-s_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-48-hdc-s_firmware:*:*:*:*:*:*:*:*
idec kit-smart-48-bdc-s_firmware <= 2.41 cpe:2.3:o:idec:kit-smart-48-bdc-s_firmware:*:*:*:*:*:*:*:*
idec ft1a-pc1_firmware <= 2.41 cpe:2.3:o:idec:ft1a-pc1_firmware:*:*:*:*:*:*:*:*

References for CVE-2024-41927

cvelogic Threat Intelligence