MidnightBSD

Advisories for ls-electric

CVE-2022-2758

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.

Products Affected

Vendor Product Version
ls-electric xbc-dn64h_firmware -
ls-electric xec-dr30su_firmware -
ls-electric xbc-dp10e_firmware -
ls-electric xbc-dp14e_firmware -
ls-electric xbo-rd01a_firmware -
ls-electric xgi-d22a_firmware -
ls-electric xbe-ac08a_firmware -
ls-electric xbm-dp32h2_firmware -
ls-electric xec-dr64h_firmware -
ls-electric xbf-ad04c_firmware -
ls-electric xbc-dn60su_firmware -
ls-electric xgf-soea_firmware -
ls-electric xbf-pn04b_firmware -
ls-electric xec-dn(p)32u_firmware -
ls-electric xbo-m2mb_firmware -
ls-electric xbc-dr14e_firmware -
ls-electric xem-dp32hp_firmware -
ls-electric xbe-tn16a_firmware -
ls-electric xec-dn(p)32u/dc_firmware -
ls-electric xec-dn32h_firmware -
ls-electric xbo-dc04a_firmware -
ls-electric k80s_firmware -
ls-electric xec-dn30su_firmware -
ls-electric xbe-ry08a_firmware -
ls-electric xgr-cpuh/s_firmware -
ls-electric xbe-dc16a_firmware -
ls-electric xec-dr32h/d1_firmware -
ls-electric xec-dn10e_firmware -
ls-electric xbc-dn20e_firmware -
ls-electric xgq-ry1a_firmware -
ls-electric xbe-dn32a_firmware -
ls-electric xgf-pd4h_firmware -
ls-electric xbc-dr20su_firmware -
ls-electric xgr-cpuh/t_firmware -
ls-electric xec-dp60su_firmware -
ls-electric xec-dr20su_firmware -
ls-electric xgq-ss2a_firmware -
ls-electric xec-dr28u/dc_firmware -
ls-electric xgf-pn8a_firmware -
ls-electric xgf-po2h_firmware -
ls-electric xbc-dn30su_firmware -
ls-electric xec-dn40su_firmware -
ls-electric xgf-po3h_firmware -
ls-electric xbc-dr60su_firmware -
ls-electric xbc-dp20su_firmware -
ls-electric xbc-dp30su_firmware -
ls-electric xbc-dr28ua_firmware -
ls-electric gm7_firmware -
ls-electric xbc-dr28ua/dc_firmware -
ls-electric xbf-ad04a_firmware -
ls-electric xbe-ry16a_firmware -
ls-electric xbm-dn16s_firmware -
ls-electric xbc-dn(p)32ua/dc_firmware -
ls-electric xgk-cpuh_firmware -
ls-electric xbc-dn64h/dc_firmware -
ls-electric xbm-dp32hp_firmware -
ls-electric xgi-d28a_firmware -
ls-electric xec-dp30su_firmware -
ls-electric xec-dn(p)32up_firmware -
ls-electric xgf-rd4s_firmware -
ls-electric xbg-pn08b_firmware -
ls-electric xgi-d24a_firmware -
ls-electric xec-dr60su_firmware -
ls-electric xgf-rd4a_firmware -
ls-electric xbe-dc32a_firmware -
ls-electric xgf-tc4s_firmware -
ls-electric xgq-ry2b_firmware -
ls-electric xbc-dr64h/dc_firmware -
ls-electric xbe-tp32a_firmware -
ls-electric xbc-dr30e_firmware -
ls-electric xbf-rd04a_firmware -
ls-electric xbc-dr30su_firmware -
ls-electric xec-dr32h_firmware -
ls-electric xec-dn14e_firmware -
ls-electric xbc-dn(p)32u/dc_firmware -
ls-electric xg5000 *
ls-electric xgf-pd3h_firmware -
ls-electric xgq-tr8a_firmware -
ls-electric xec-dp20su_firmware -
ls-electric xgf-po4h_firmware -
ls-electric xgq-tr8b_firmware -
ls-electric xec-dr28ua_firmware -
ls-electric xbc-dn40su_firmware -
ls-electric xgk-cpuhn_firmware -
ls-electric xgf-dc4s_firmware -
ls-electric xec-dp10e_firmware -
ls-electric xbc-dn10e_firmware -
ls-electric xgl-psea_firmware -
ls-electric xgl-c42b_firmware -
ls-electric xgf-rd8a_firmware -
ls-electric xbc-dn(p)32u_firmware -
ls-electric xgf-dl16a_firmware -
ls-electric xgf-hd2a_firmware -
ls-electric xec-dr40su_firmware -
ls-electric xbc-dr28up/dc_firmware -
ls-electric xbc-dn30e_firmware -
ls-electric xbe-ry08b_firmware -
ls-electric xgi-cpus_firmware -
ls-electric xbc-dr32h/dc_firmware -
ls-electric xec-dp14e_firmware -
ls-electric xec-dp20e_firmware -
ls-electric xec-dp30e_firmware -
ls-electric xgi-cpuun_firmware -
ls-electric xem-dn32hp_firmware -
ls-electric xbc-dr28u_firmware -
ls-electric xgk-cpuun_firmware -
ls-electric xgl-ch2b_firmware -
ls-electric xgf-po1h_firmware -
ls-electric xgi-d24b_firmware -
ls-electric xgl-dmeb_firmware -
ls-electric xbm-dp16s_firmware -
ls-electric xgf-ac4h_firmware -
ls-electric xbc-dp40su_firmware -
ls-electric xbc-dr28up_firmware -
ls-electric xbo-rtca_firmware -
ls-electric xbo-tc02a_firmware -
ls-electric xgi-cpue_firmware -
ls-electric xgk-cpusn_firmware -
ls-electric xgi-d28b_firmware -
ls-electric xbf-tc04tt_firmware -
ls-electric xec-dr28up/dc_firmware -
ls-electric xec-dr10e_firmware -
ls-electric xec-dn(p)32ua_firmware -
ls-electric xec-dn20su_firmware -
ls-electric xgi-d21a_firmware -
ls-electric xec-dr28up_firmware -
ls-electric xbe-dr32a_firmware -
ls-electric xec-dn30e_firmware -
ls-electric xgq-tr4a_firmware -
ls-electric xgf-dc4a_firmware -
ls-electric xec-dr32h/di_firmware -
ls-electric xgf-dv4a_firmware -
ls-electric xbc-dn(p)32up_firmware -
ls-electric xgf-pd2h_firmware -
ls-electric xbc-dr40su_firmware -
ls-electric xgq-tr2a_firmware -
ls-electric xgf-ad16a_firmware -
ls-electric xbc-dn(p)32up/dc_firmware -
ls-electric xgi-cpuu_firmware -
ls-electric xbf-ad08a_firmware -
ls-electric xgf-pd1h_firmware -
ls-electric xbc-dn(p)32ua_firmware -
ls-electric xbe-dc16b_firmware -
ls-electric xgf-av8a_firmware -
ls-electric xbo-ah02a_firmware -
ls-electric xbo-tn04a_firmware -
ls-electric xem-dn32h2_firmware -
ls-electric xec-dr14e_firmware -
ls-electric xbf-hd02a_firmware -
ls-electric xbo-da02a_firmware -
ls-electric xgi-a21c_firmware -
ls-electric xbc-dp20e_firmware -
ls-electric xbe-tp16a_firmware -
ls-electric xbf-tc04rt_firmware -
ls-electric xbf-dc04a_firmware -
ls-electric xbc-dp30e_firmware -
ls-electric xbm-dn32s_firmware -
ls-electric xgi-a12a_firmware -
ls-electric xgf-pn4b_firmware -
ls-electric xgf-dv8a_firmware -
ls-electric xgl-psra_firmware -
ls-electric xgk-xpuh_firmware -
ls-electric xbe-dr16a_firmware -
ls-electric xgq-ry2a_firmware -
ls-electric xec-dn20e_firmware -
ls-electric xgi-cpuh_firmware -
ls-electric xgl-pmeb_firmware -
ls-electric xgf-dv4s_firmware -
ls-electric xbc-dr28u/dc_firmware -
ls-electric xec-dr64h/di_firmware -
ls-electric xgf-pn8b_firmware -
ls-electric xbm-dn32h2_firmware -
ls-electric xbo-ad02a_firmware -
ls-electric xbf-dc04c_firmware -
ls-electric xgf-m32e_firmware -
ls-electric xgi-a21a_firmware -
ls-electric xec-dn(p)32up/dc_firmware -
ls-electric xbg-pn04b_firmware -
ls-electric xgi-d22b_firmware -
ls-electric xgq-tr2b_firmware -
ls-electric xgk-cpua_firmware -
ls-electric xgf-ah6a_firmware -
ls-electric xbf-pd02a_firmware -
ls-electric xgq-tr1c_firmware -
ls-electric xgk-cpue_firmware -
ls-electric xbe-tp08a_firmware -
ls-electric xbm-dn32hp_firmware -
ls-electric xgf-ac8a_firmware -
ls-electric xbc-dr20e_firmware -
ls-electric xec-dr64h/d1_firmware -
ls-electric xgk-cpus_firmware -
ls-electric xec-dn(p)32ua/dc_firmware -
ls-electric xgi-cpuu/d_firmware -
ls-electric xec-dp40su_firmware -
ls-electric xec-dr28u_firmware -
ls-electric xec-dr30e_firmware -
ls-electric xgf-tc4ud_firmware -
ls-electric xbe-dc08a_firmware -
ls-electric xbf-pn08b_firmware -
ls-electric xec-dr28ua/dc_firmware -
ls-electric xbc-dn32h_firmware -
ls-electric xec-dn60su_firmware -
ls-electric xem-dp32h2_firmware -
ls-electric xbc-dr64h_firmware -
ls-electric k120s_firmware -
ls-electric xgl-efmfb_firmware -
ls-electric xbf-dv04a_firmware -
ls-electric xgl-c22b_firmware -
ls-electric xbf-tc04s_firmware -
ls-electric xbc-dr32h_firmware -
ls-electric xbc-dn32h/dc_firmware -
ls-electric xbe-tn08a_firmware -
ls-electric xbf-ah04a_firmware -
ls-electric xgk-cpuu_firmware -
ls-electric xgf-aw4s_firmware -
ls-electric xec-dp64h_firmware -
ls-electric xbe-tn32a_firmware -
ls-electric gm7u_firmware -
ls-electric xec-dr20e_firmware -
ls-electric xgf-tc4rt_firmware -
ls-electric xgl-efmtb_firmware -
ls-electric xgf-h08a_firmware -
ls-electric xec-dp32h_firmware -
ls-electric xgq-tr4b_firmware -
ls-electric xbc-dp60su_firmware -
ls-electric xec-dn64h_firmware -
ls-electric xgf-dc4h_firmware -
ls-electric xbf-ho02a_firmware -
ls-electric xgf-ho2a_firmware -
ls-electric xgf-dc8a_firmware -
ls-electric xgr-cpuh/f_firmware -
ls-electric xbc-dn20su_firmware -
ls-electric xbc-dr10e_firmware -
ls-electric xbf-dv04c_firmware -
ls-electric xbc-dn14e_firmware -
CVE-2023-0102

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
ls-electric xbc-dn32u_firmware 01.80
CVE-2023-0103

If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
ls-electric xbc-dn32u_firmware 01.80
CVE-2023-22803

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

Products Affected

Vendor Product Version
ls-electric xbc-dn32u_firmware 01.80
CVE-2023-22804

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
ics-cert@hq.dhs.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

Products Affected

Vendor Product Version
ls-electric xbc-dn32u_firmware 01.80
CVE-2023-22805

LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
ls-electric xbc-dn32u_firmware 01.80
CVE-2023-22806

LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
ics-cert@hq.dhs.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
ls-electric xbc-dn32u_firmware 01.80
CVE-2023-22807

LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
ls-electric xbc-dn32u_firmware 01.80