PT-2023-2043 · Ls Electric · Ls Electric Xbc-Dn32U

Heea Go · Published 2023-02-15 · Updated 2023-02-24 · CVE-2023-22807

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

LS ELECTRIC XBC-DN32U version 01.80

Description

The issue is related to inadequate access control to the PLC over its internal XGT protocol. An attacker could potentially control and tamper with the PLC by sending specially crafted packets to the PLC over its XGT protocol. This could allow a remote attacker to gain control and manage the controller's operation.

Recommendations

For LS ELECTRIC XBC-DN32U version 01.80, consider restricting access to the XGT protocol to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability to send packets to the PLC over its XGT protocol. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2023-01760
CVE-2023-22807

Affected Products

Ls Electric Xbc-Dn32U