PT-2023-6658 · Ls Electric · Ls Electric Xbc-Dn32U

Heea Go +4 · Published 2023-02-15 · Updated 2023-02-24 · CVE-2023-22804

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
LS ELECTRIC XBC-DN32U version 01.80

Description
The issue is related to the absence of authentication for a critical function in the programmable logic controller's software. This could allow a remote attacker to elevate their privileges and gain control of the device by creating an account with elevated privileges.

Recommendations
For LS ELECTRIC XBC-DN32U version 01.80, consider implementing authentication mechanisms to restrict access to critical functions, such as user creation on the PLC, until a patch is available. As a temporary workaround, restrict access to the device to minimize the risk of exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-07428
CVE-2023-22804

Affected Products

Ls Electric Xbc-Dn32U