Vulnerabilities > CVE-2023-22807 - Unspecified vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ls-electric

critical

NVD

Published: 2023-02-15

Updated: 2023-11-07

Summary

LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol.

Vulnerable Configurations

Part	Description	Count
OS	Ls-Electric LS Electric XBC Dn32U Firmware 01.80	1
Hardware	Ls-Electric LS Electric XBC Dn32U -	1

References

https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02