PT-2022-18501 · LS Electric · XGR-CPUH +6
Hong-Gi Kin · Published 2022-08-31 · Updated 2022-11-14 · CVE-2022-2758
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
LS Electric XG5000 software versions prior to V4.0
LS Electric PLCs:
XGK-CPUU/H/A/S/E versions prior to V3.50
XGI-CPUU/UD/H/S/E versions prior to V3.20
XGR-CPUH versions prior to V1.80
XGB-XBMS versions prior to V3.00
XGB-XBCH versions prior to V1.90
XGB-XECH versions prior to V1.30
Description
The issue concerns inadequate encryption of passwords during communication between the LS Electric XG5000 software and the affected PLCs. This allows an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC's communication traffic.
Recommendations
For LS Electric XG5000 software versions prior to V4.0, update to version V4.0 or later.
For XGK-CPUU/H/A/S/E versions prior to V3.50, update to version V3.50 or later.
For XGI-CPUU/UD/H/S/E versions prior to V3.20, update to version V3.20 or later.
For XGR-CPUH versions prior to V1.80, update to version V1.80 or later.
For XGB-XBMS versions prior to V3.00, update to version V3.00 or later.
For XGB-XBCH versions prior to V1.90, update to version V1.90 or later.
For XGB-XECH versions prior to V1.30, update to version V1.30 or later.
Fix
Weakness Enumeration: Inadequate Encryption Strength
Affected Products
LS Electric XG5000
XGB-XBCH
XGB-XBMS
XGB-XECH
XGI-CPUU/UD/H/S/E
XGK-CPUU/H/A/S/E
XGR-CPUH