Multiple vulnerabilities in LS ELECTRIC XBC-DN32U PLC performance module
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2023-22803 CVE-2023-22804 CVE-2023-22805 CVE-2023-22806 CVE-2023-22807 CVE-2023-0102 CVE-2023-0103 |
| CWE-ID | CWE-306 CWE-284 CWE-319 CWE-940 CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
XBC-DN32U Hardware solutions / Firmware |
| Vendor | LS Electric |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Missing Authentication for Critical Function
EUVDB-ID: #VU72113
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-22803
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to manipulate PLC configuration.
The vulnerability exists due to missing authorization. A remote attacker can send a specially crafted request and set PLC to an mode mode.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsXBC-DN32U: 01.80
CPE2.3 External linkshttps://ics-cert.us-cert.gov/advisories/icsa-23-040-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Missing Authentication for Critical Function
EUVDB-ID: #VU72114
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-22804
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected device.
The vulnerability exists due to missing authorization. A remote non-authenticated attacker can send a specially crafted request to the device, create an administrative account and take full control over the device.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsXBC-DN32U: 01.80
CPE2.3 External linkshttps://ics-cert.us-cert.gov/advisories/icsa-23-040-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU72115
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-22805
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to deny access to users.
The vulnerability exists due to improper access restrictions. A remote attacker can disable read access to device users.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsXBC-DN32U: 01.80
CPE2.3 External linkshttps://ics-cert.us-cert.gov/advisories/icsa-23-040-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cleartext transmission of sensitive information
EUVDB-ID: #VU72116
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-22806
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software uses insecure communication channel (own unencrypted XGT protocol) to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsXBC-DN32U: 01.80
CPE2.3 External linkshttps://ics-cert.us-cert.gov/advisories/icsa-23-040-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Verification of Source of a Communication Channel
EUVDB-ID: #VU72117
Risk: High
CVSSv4.0: 6.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-22807
CWE-ID:
CWE-940 - Improper Verification of Source of a Communication Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to usage of XGT protocol for communication purposes with PLC. A remote attacker can perform MitM attack.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsXBC-DN32U: 01.80
CPE2.3 External linkshttps://ics-cert.us-cert.gov/advisories/icsa-23-040-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper access control
EUVDB-ID: #VU72118
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-0102
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to delete arbitrary files on the device.
The vulnerability exists due to improper access restrictions. A remote attacker can send a specially crafted request and delete arbitrary files on the device.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsXBC-DN32U: 01.80
CPE2.3 External linkshttps://ics-cert.us-cert.gov/advisories/icsa-23-040-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU72119
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-0103
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote attacker can send specially crafted data to the device, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsXBC-DN32U: 01.80
CPE2.3 External linkshttps://ics-cert.us-cert.gov/advisories/icsa-23-040-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
