Vulnerabilities > LS Electric

DATE CVE VULNERABILITY TITLE RISK
2023-02-15 CVE-2023-0102 Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command.
network
low complexity
ls-electric CWE-306
critical
9.1
2023-02-15 CVE-2023-0103 Access of Memory Location After End of Buffer vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80
If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating.
network
low complexity
ls-electric CWE-788
7.5
2023-02-15 CVE-2023-22803 Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC.
network
low complexity
ls-electric CWE-306
7.5
2023-02-15 CVE-2023-22804 Missing Authentication for Critical Function vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC.
network
low complexity
ls-electric CWE-306
critical
9.8
2023-02-15 CVE-2023-22805 Unspecified vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80
LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature.
network
low complexity
ls-electric
4.3
2023-02-15 CVE-2023-22806 Cleartext Transmission of Sensitive Information vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80
LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol.
network
low complexity
ls-electric CWE-319
7.5
2023-02-15 CVE-2023-22807 Unspecified vulnerability in Ls-Electric Xbc-Dn32U Firmware 01.80
LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol.
network
low complexity
ls-electric
critical
9.8
2022-08-31 CVE-2022-2758 Inadequate Encryption Strength vulnerability in Ls-Electric products
Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co.
network
high complexity
ls-electric CWE-326
5.9