PT-2023-18705 · Ls Electric · Ls Electric Xbc-Dn32U

Heea Go

Published

2023-02-15

Updated

2023-02-24

CVE-2023-22803

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions LS ELECTRIC XBC-DN32U version 01.80

Description The issue is related to missing authentication for critical functions in the PLC, which could allow an attacker to change the PLC's mode arbitrarily.

Recommendations For LS ELECTRIC XBC-DN32U version 01.80, consider implementing authentication mechanisms to restrict access to critical functions until a patch is available. As a temporary workaround, restrict access to the PLC to minimize the risk of exploitation.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2023-22803

Affected Products

Ls Electric Xbc-Dn32U

PT-2023-18705 · Ls Electric · Ls Electric Xbc-Dn32U

CVE-2023-22803

Weakness Enumeration

Related Identifiers

Affected Products

References · 5