LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.
History

Thu, 16 Jan 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-02-15T17:25:56.279Z

Updated: 2025-01-16T21:56:46.846Z

Reserved: 2023-01-06T18:49:55.855Z

Link: CVE-2023-22804

cve-icon Vulnrichment

Updated: 2024-08-02T10:20:31.334Z

cve-icon NVD

Status : Modified

Published: 2023-02-15T18:15:11.827

Modified: 2024-11-21T07:45:27.147

Link: CVE-2023-22804

cve-icon Redhat

No data.