CVE-2022-2758
Published: Aug 31, 2022
Modified: Apr 16, 2025
CVSS v3.1
6.5
Description
Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.
| Vendor | Product | Versions |
|---|---|---|
LS Industrial Systems (LSIS) Co. Ltd LS Electric | XG5000 | affected All versions - < V4.0 |
LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGB-XECH | affected All versions - < V1.30 |
LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGB-XBCH | affected All versions - < V1.90 |
LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGB-XBMS | affected All versions - < V3.00 |
LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGR-CPUH | affected All versions - < V1.80 |
LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGI-CPUU/UD/H/S/E | affected All versions - < V3.20 |
LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGK-CPUU/H/A/S/E | affected All versions - < V3.50 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now