Vulnerabilities > LS Electric
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-15 | CVE-2023-0102 | Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. | 9.1 |
| 2023-02-15 | CVE-2023-0103 | Access of Memory Location After End of Buffer vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. | 7.5 |
| 2023-02-15 | CVE-2023-22803 | Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. | 7.5 |
| 2023-02-15 | CVE-2023-22804 | Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. | 9.8 |
| 2023-02-15 | CVE-2023-22805 | Unspecified vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. | 4.3 |
| 2023-02-15 | CVE-2023-22806 | Cleartext Transmission of Sensitive Information vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. | 7.5 |
| 2023-02-15 | CVE-2023-22807 | Unspecified vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80 LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. | 9.8 |
| 2022-08-31 | CVE-2022-2758 | Inadequate Encryption Strength vulnerability in Ls-Electric products Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. | 5.9 |