| Title | DELTA DVP-12SE PLC equipment and WPLSoft software information leakage vulnerability |
|---|
| Description | The PLC device used is Delta DVP-12SE PLC device, and the host computer software used is WPLSoft 2.51.
After using WPLSoft 2.51 and the DVP-12SE PLC device to connect using modbus, click different buttons of the host computer software to trigger different information. Disclosure of vulnerabilities.
There are two information disclosure vulnerabilities.
Open WPLSoft V2.51 software:
① Communication -> System Security Settings -> Password Function:
Set a password to the PLC device, and the password is transmitted in clear text, which is the first vulnerability to information leakage.
② Settings -> TC-01 Password Key Settings -> TC-01 Password Key Input
When the WPLSoft 2.51 software inputs the TC-01 password key to the PLC device, the password will be transmitted in plain text, which results in a second information leakage vulnerability.
|
|---|
| Source | ⚠️ https://drive.google.com/drive/folders/17nBJt3tejqipE_L-lMEhYXeGhG0eii-_?usp=drive_link |
|---|
| User | Anonymous User |
|---|
| Submission | 09/22/2023 09:29 (3 years ago) |
|---|
| Moderation | 10/09/2023 15:46 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 241584 [Delta Electronics WPLSoft 2.51 Modbus cleartext transmission] |
|---|
| Points | 20 |
|---|