CVE-2023-22806 - Vulnerability Details - OpenCVE

LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ls-electric	Xbc-dn32u Xbc-dn32u Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ls-electric:xbc-dn32u_firmware:01.80:*:*:*:*:*:*:*

cpe:2.3:h:ls-electric:xbc-dn32u:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-26918	LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.

Fixes

Solution

No solution given by the vendor.

Workaround

LS ELECTRIC is developing mitigations (to be released tentatively by the end of 2023) and recommends users follow the provided workarounds to reduce the risk of exploitation: * Restrict communication to the PLC to only trusted IP addresses and trusted devices by enabling the “Host Table” option in the configuration window of the PLC.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02

History

Thu, 16 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-02-15T17:28:53.471Z

Updated: 2025-01-16T21:56:27.143Z

Reserved: 2023-01-06T18:49:55.855Z

Link: CVE-2023-22806

Vulnrichment

Updated: 2024-08-02T10:20:31.054Z

NVD

Status : Modified

Published: 2023-02-15T18:15:12.003

Modified: 2024-11-21T07:45:27.383

Link: CVE-2023-22806

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22806", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-01-06T18:49:55.855Z", "datePublished": "2023-02-15T17:28:53.471Z", "dateUpdated": "2025-01-16T21:56:27.143Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "XBC-DN32U", "vendor": "LS Electric", "versions": [{"status": "affected", "version": "Operating System Version 01.80"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "HeeA Go of Dankook University reported these vulnerabilities"}], "datePublic": "2023-02-09T21:04:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.</p>"}], "value": "LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-02-15T17:28:53.471Z"}, "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02"}], "source": {"discovery": "EXTERNAL"}, "title": "CVE-2023-22806", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<p>LS ELECTRIC is developing mitigations (to be released tentatively by the end of 2023) and recommends users follow the provided workarounds to reduce the risk of exploitation: </p><ul><li>Restrict communication to the PLC to only trusted IP addresses and trusted devices by enabling the \u201cHost Table\u201d option in the configuration window of the PLC. </li></ul>\n\n<br>"}], "value": "\nLS ELECTRIC is developing mitigations (to be released tentatively by the end of 2023) and recommends users follow the provided workarounds to reduce the risk of exploitation: \n\n * Restrict communication to the PLC to only trusted IP addresses and trusted devices by enabling the \u201cHost Table\u201d option in the configuration window of the PLC. \n\n\n\n\n\n"}], "x_generator": {"engine": "VINCE 2.0.6", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-22806"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:20:31.054Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-16T20:56:40.532393Z", "id": "CVE-2023-22806", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T21:56:27.143Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:20:31.054Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-22806", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-16T20:56:40.532393Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-16T20:56:42.446Z"}}], "cna": {"title": "CVE-2023-22806", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "HeeA Go of Dankook University reported these vulnerabilities"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "LS Electric", "product": "XBC-DN32U", "versions": [{"status": "affected", "version": "Operating System Version 01.80"}], "defaultStatus": "unaffected"}], "datePublic": "2023-02-09T21:04:00.000Z", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02"}], "workarounds": [{"lang": "en", "value": "\nLS ELECTRIC is developing mitigations (to be released tentatively by the end of 2023) and recommends users follow the provided workarounds to reduce the risk of exploitation: \n\n * Restrict communication to the PLC to only trusted IP addresses and trusted devices by enabling the \u201cHost Table\u201d option in the configuration window of the PLC. \n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<p>LS ELECTRIC is developing mitigations (to be released tentatively by the end of 2023) and recommends users follow the provided workarounds to reduce the risk of exploitation: </p><ul><li>Restrict communication to the PLC to only trusted IP addresses and trusted devices by enabling the \u201cHost Table\u201d option in the configuration window of the PLC. </li></ul>\n\n<br>", "base64": false}]}], "x_generator": {"env": "prod", "engine": "VINCE 2.0.6", "origin": "https://cveawg.mitre.org/api/cve/CVE-2023-22806"}, "descriptions": [{"lang": "en", "value": "LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-02-15T17:28:53.471Z"}}}, "cveMetadata": {"cveId": "CVE-2023-22806", "state": "PUBLISHED", "dateUpdated": "2025-01-16T21:56:27.143Z", "dateReserved": "2023-01-06T18:49:55.855Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2023-02-15T17:28:53.471Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ls-electric:xbc-dn32u_firmware:01.80:*:*:*:*:*:*:*", "matchCriteriaId": "242DFA36-841D-457E-B4B7-592A73993C76", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ls-electric:xbc-dn32u:-:*:*:*:*:*:*:*", "matchCriteriaId": "78A41BC8-F37E-41EE-BA99-AC992AC24F32", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.\n\n"}], "id": "CVE-2023-22806", "lastModified": "2024-11-21T07:45:27.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-15T18:15:12.003", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}