Main Vulnerability Database Vulnerabilities #VU66585

#VU66585 Inadequate Encryption Strength in LS Electric PLC and XG5000 - CVE-2022-2758

Published: August 17, 2022

Vulnerability identifier: #VU66585

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-2758

CWE-ID: CWE-326

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
LS Electric PLC
XG5000

Software vendor:
LS Electric

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the passwords are not adequately encrypted during the communication process between the XG5000 software and the affected PLC. A remote attacker can identify and decrypt the affected PLC’s password by sniffing the traffic.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsa-22-228-02

#VU66585 Inadequate Encryption Strength in LS Electric PLC and XG5000 - CVE-2022-2758

Description

Remediation

External links

Please verify you're human