CVE-2024-41629 identifies a vulnerability in Texas Instruments Fusion Digital Power Designer version 7.10.1, where credentials are stored in plaintext on the local system. This flaw allows a local attacker with limited privileges (PR:L) to obtain sensitive information without requiring user interaction (UI:N). The vulnerability stems from improper handling of sensitive data, categorized under CWE-200, which involves exposure of sensitive information. The attack vector is local (AV:L), meaning the attacker must have access to the affected machine. The vulnerability impacts confidentiality significantly (C:H), while integrity (I:L) and availability (A:L) impacts are low. The software is used primarily in power electronics design and management, often in industrial and embedded systems. No patches or fixes have been released yet, and no known exploits are reported in the wild. The CVSS v3.1 base score is 6.6, indicating a medium severity level. The vulnerability could allow attackers to harvest credentials that might be used to escalate privileges or move laterally within a network if combined with other vulnerabilities or misconfigurations.

The primary impact of this vulnerability is the compromise of confidentiality due to exposure of plaintext credentials. If an attacker gains local access, they can extract sensitive information that could lead to further attacks such as privilege escalation or lateral movement within an organization’s network. This is particularly concerning in environments where Fusion Digital Power Designer is used to manage critical power systems, as attackers could leverage stolen credentials to disrupt operations or gain deeper access to industrial control systems. Although the vulnerability requires local access, the risk is elevated in environments with weak physical or remote access controls. The limited impact on integrity and availability reduces the likelihood of direct system manipulation or denial of service, but the exposure of credentials alone can have cascading effects on organizational security posture.

Organizations should immediately restrict local access to systems running Texas Instruments Fusion Digital Power Designer, ensuring only trusted personnel have access. Implement strict access controls and monitor local user activity for suspicious behavior. Encrypt sensitive files and credentials where possible, and avoid storing credentials in plaintext. Employ endpoint detection and response (EDR) tools to detect unauthorized local access attempts. Regularly audit systems for presence of plaintext credential files. Since no patches are currently available, organizations should engage with Texas Instruments for updates and apply any forthcoming patches promptly. Additionally, consider isolating systems running this software within segmented network zones to limit lateral movement if credentials are compromised. Educate users about the risks of local credential exposure and enforce strong physical security policies.