CVE-2023-22803

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ls-electric:xbc-dn32u_firmware:01.80:*:*:*:*:*:*:*
cpe:2.3:h:ls-electric:xbc-dn32u:-:*:*:*:*:*:*:*

History

07 Nov 2023, 04:07

Type Values Removed Values Added
Summary LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily. LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.

Information

Published : 2023-02-15 18:15

Updated : 2024-02-28 19:51


NVD link : CVE-2023-22803

Mitre link : CVE-2023-22803

CVE.ORG link : CVE-2023-22803


JSON object : View

Products Affected

ls-electric

  • xbc-dn32u_firmware
  • xbc-dn32u
CWE
CWE-306

Missing Authentication for Critical Function