CVE-2022-2758

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLCs communication traffic.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
icscertCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
ls-electricxg5000
*
ls-electricxgk-cpuun_firmware
-
ls-electricxgk-cpuhn_firmware
-
ls-electricxgk-cpusn_firmware
-
ls-electricxgk-cpuu_firmware
-
ls-electricxgk-cpuh_firmware
-
ls-electricxgk-cpua_firmware
-
ls-electricxgk-cpus_firmware
-
ls-electricxgk-cpue_firmware
-
ls-electricxgi-cpuun_firmware
-
ls-electricxgi-cpuu_firmware
-
ls-electricxgi-cpuh_firmware
-
ls-electricxgi-cpus_firmware
-
ls-electricxgi-cpue_firmware
-
ls-electricxgr-cpuh\/f_firmware
-
ls-electricxgr-cpuh\/t_firmware
-
ls-electricxgr-cpuh\/s_firmware
-
ls-electricxgi-d21a_firmware
-
ls-electricxgi-d22a_firmware
-
ls-electricxgi-d22b_firmware
-
ls-electricxgi-d24a_firmware
-
ls-electricxgi-d24b_firmware
-
ls-electricxgi-d28a_firmware
-
ls-electricxgi-d28b_firmware
-
ls-electricxgi-a12a_firmware
-
ls-electricxgi-a21a_firmware
-
ls-electricxgi-a21c_firmware
-
ls-electricxgq-ry1a_firmware
-
ls-electricxgq-ry2a_firmware
-
ls-electricxgq-ry2b_firmware
-
ls-electricxgq-tr1c_firmware
-
ls-electricxgq-tr2a_firmware
-
ls-electricxgq-tr2b_firmware
-
ls-electricxgq-tr4a_firmware
-
ls-electricxgq-tr4b_firmware
-
ls-electricxgq-tr8a_firmware
-
ls-electricxgq-tr8b_firmware
-
ls-electricxgq-ss2a_firmware
-
ls-electricxgf-av8a_firmware
-
ls-electricxgf-ac8a_firmware
-
ls-electricxgf-ad16a_firmware
-
ls-electricxgf-aw4s_firmware
-
ls-electricxgf-dv4a_firmware
-
ls-electricxgf-dc4a_firmware
-
ls-electricxgf-dv8a_firmware
-
ls-electricxgf-dc8a_firmware
-
ls-electricxgf-dv4s_firmware
-
ls-electricxgf-dc4s_firmware
-
ls-electricxgf-ah6a_firmware
-
ls-electricxgf-tc4s_firmware
-
ls-electricxgf-rd4a_firmware
-
ls-electricxgf-rd4s_firmware
-
ls-electricxgf-rd8a_firmware
-
ls-electricxgf-tc4ud_firmware
-
ls-electricxgf-tc4rt_firmware
-
ls-electricxgf-ho2a_firmware
-
ls-electricxgf-hd2a_firmware
-
ls-electricxgf-h08a_firmware
-
ls-electricxgf-ac4h_firmware
-
ls-electricxgf-dc4h_firmware
-
ls-electricxgf-soea_firmware
-
ls-electricxgf-dl16a_firmware
-
ls-electricxgf-m32e_firmware
-
ls-electricxgf-pn8a_firmware
-
ls-electricxgf-pn8b_firmware
-
ls-electricxgf-pn4b_firmware
-
ls-electricxgf-po1h_firmware
-
ls-electricxgf-po2h_firmware
-
ls-electricxgf-po3h_firmware
-
ls-electricxgf-po4h_firmware
-
ls-electricxgf-pd1h_firmware
-
ls-electricxgf-pd2h_firmware
-
ls-electricxgf-pd3h_firmware
-
ls-electricxgf-pd4h_firmware
-
ls-electricxgl-efmtb_firmware
-
ls-electricxgl-efmfb_firmware
-
ls-electricxgl-dmeb_firmware
-
ls-electricxgl-c22b_firmware
-
ls-electricxgl-ch2b_firmware
-
ls-electricxgl-c42b_firmware
-
ls-electricxgl-pmeb_firmware
-
ls-electricxgl-psea_firmware
-
ls-electricxgl-psra_firmware
-
ls-electricxgk-xpuh_firmware
-
ls-electricxgi-cpuu\/d_firmware
-
ls-electricxec-dn\(p\)32u_firmware
-
ls-electricxec-dr28u_firmware
-
ls-electricxec-dn\(p\)32up_firmware
-
ls-electricxec-dr28up_firmware
-
ls-electricxec-dn\(p\)32ua_firmware
-
ls-electricxec-dr28ua_firmware
-
ls-electricxec-dn\(p\)32u\/dc_firmware
-
ls-electricxec-dr28u\/dc_firmware
-
ls-electricxec-dn\(p\)32up\/dc_firmware
-
ls-electricxec-dr28up\/dc_firmware
-
ls-electricxec-dn\(p\)32ua\/dc_firmware
-
ls-electricxec-dr28ua\/dc_firmware
-
ls-electricxec-dr32h_firmware
-
ls-electricxec-dr64h_firmware
-
ls-electricxec-dn32h_firmware
-
ls-electricxec-dn64h_firmware
-
ls-electricxbc-dn\(p\)32u_firmware
-
ls-electricxbc-dr28u_firmware
-
ls-electricxbc-dn\(p\)32up_firmware
-
ls-electricxbc-dr28up_firmware
-
ls-electricxbc-dn\(p\)32ua_firmware
-
ls-electricxbc-dr28ua_firmware
-
ls-electricxbc-dn\(p\)32u\/dc_firmware
-
ls-electricxbc-dr28u\/dc_firmware
-
ls-electricxbc-dn\(p\)32up\/dc_firmware
-
ls-electricxbc-dr28up\/dc_firmware
-
ls-electricxbc-dn\(p\)32ua\/dc_firmware
-
ls-electricxbc-dr28ua\/dc_firmware
-
ls-electricxbc-dr32h_firmware
-
ls-electricxbc-dr64h_firmware
-
ls-electricxbc-dn32h_firmware
-
ls-electricxbc-dn64h_firmware
-
ls-electricxec-dp32h_firmware
-
ls-electricxec-dp64h_firmware
-
ls-electricxbc-dr32h\/dc_firmware
-
ls-electricxbc-dr64h\/dc_firmware
-
ls-electricxbc-dn32h\/dc_firmware
-
ls-electricxec-dr32h\/d1_firmware
-
ls-electricxec-dr64h\/d1_firmware
-
ls-electricxec-dr20su_firmware
-
ls-electricxec-dr30su_firmware
-
ls-electricxec-dr40su_firmware
-
ls-electricxec-dr60su_firmware
-
ls-electricxec-dn20su_firmware
-
ls-electricxec-dn30su_firmware
-
ls-electricxec-dn40su_firmware
-
ls-electricxec-dn60su_firmware
-
ls-electricxec-dp20su_firmware
-
ls-electricxec-dp30su_firmware
-
ls-electricxec-dp40su_firmware
-
ls-electricxec-dp60su_firmware
-
ls-electricxec-dr10e_firmware
-
ls-electricxec-dr14e_firmware
-
ls-electricxec-dr20e_firmware
-
ls-electricxec-dr30e_firmware
-
ls-electricxec-dn10e_firmware
-
ls-electricxec-dn14e_firmware
-
ls-electricxec-dn20e_firmware
-
ls-electricxec-dp10e_firmware
-
ls-electricxec-dp14e_firmware
-
ls-electricxec-dp20e_firmware
-
ls-electricxec-dp30e_firmware
-
ls-electricxbc-dr20su_firmware
-
ls-electricxbc-dr30su_firmware
-
ls-electricxbc-dr40su_firmware
-
ls-electricxbc-dr60su_firmware
-
ls-electricxbc-dn20su_firmware
-
ls-electricxbc-dn30su_firmware
-
ls-electricxbc-dn40su_firmware
-
ls-electricxbc-dn60su_firmware
-
ls-electricxbc-dp20su_firmware
-
ls-electricxbc-dp30su_firmware
-
ls-electricxbc-dp40su_firmware
-
ls-electricxbc-dp60su_firmware
-
ls-electricxbc-dr10e_firmware
-
ls-electricxbc-dr14e_firmware
-
ls-electricxbc-dr20e_firmware
-
ls-electricxbc-dr30e_firmware
-
ls-electricxbc-dn10e_firmware
-
ls-electricxbc-dn14e_firmware
-
ls-electricxbc-dn20e_firmware
-
ls-electricxbc-dp10e_firmware
-
ls-electricxbc-dp14e_firmware
-
ls-electricxbc-dp20e_firmware
-
ls-electricxbc-dp30e_firmware
-
ls-electricxem-dn32h2_firmware
-
ls-electricxem-dn32hp_firmware
-
ls-electricxem-dp32h2_firmware
-
ls-electricxem-dp32hp_firmware
-
ls-electricxbm-dn32h2_firmware
-
ls-electricxbm-dn32hp_firmware
-
ls-electricxbm-dp32h2_firmware
-
ls-electricxbm-dp32hp_firmware
-
ls-electricxbm-dp16s_firmware
-
ls-electricxbm-dn16s_firmware
-
ls-electricxbm-dn32s_firmware
-
ls-electricxbe-ac08a_firmware
-
ls-electricxbe-dc08a_firmware
-
ls-electricxbe-dc16a_firmware
-
ls-electricxbe-dc16b_firmware
-
ls-electricxbe-dc32a_firmware
-
ls-electricxbe-ry08a_firmware
-
ls-electricxbe-ry08b_firmware
-
ls-electricxbe-ry16a_firmware
-
ls-electricxbe-tn08a_firmware
-
ls-electricxbe-tn16a_firmware
-
ls-electricxbe-tn32a_firmware
-
ls-electricxbe-tp08a_firmware
-
ls-electricxbe-tp16a_firmware
-
ls-electricxbe-tp32a_firmware
-
ls-electricxbe-dr16a_firmware
-
ls-electricxbe-dr32a_firmware
-
ls-electricxbf-ad04a_firmware
-
ls-electricxbf-ad04c_firmware
-
ls-electricxbf-ah04a_firmware
-
ls-electricxbf-dv04a_firmware
-
ls-electricxbf-dv04c_firmware
-
ls-electricxbf-dc04a_firmware
-
ls-electricxbf-dc04c_firmware
-
ls-electricxbf-rd04a_firmware
-
ls-electricxbf-tc04s_firmware
-
ls-electricxbf-tc04tt_firmware
-
ls-electricxbf-tc04rt_firmware
-
ls-electricxbf-pd02a_firmware
-
ls-electricxbf-pn08b_firmware
-
ls-electricxbf-pn04b_firmware
-
ls-electricxbf-ad08a_firmware
-
ls-electricxbf-ho02a_firmware
-
ls-electricxbf-hd02a_firmware
-
ls-electricxbo-ad02a_firmware
-
ls-electricxbo-da02a_firmware
-
ls-electricxbo-ah02a_firmware
-
ls-electricxbo-tc02a_firmware
-
ls-electricxbo-rtca_firmware
-
ls-electricxbo-dc04a_firmware
-
ls-electricxbo-tn04a_firmware
-
ls-electricxbo-rd01a_firmware
-
ls-electricxbo-m2mb_firmware
-
ls-electricxec-dr32h\/di_firmware
-
ls-electricxec-dr64h\/di_firmware
-
ls-electricxbc-dn64h\/dc_firmware
-
ls-electricxbc-dn30e_firmware
-
ls-electricxec-dn30e_firmware
-
ls-electricxbe-dn32a_firmware
-
ls-electricxbg-pn04b_firmware
-
ls-electricxbg-pn08b_firmware
-
ls-electrick80s_firmware
-
ls-electrick120s_firmware
-
ls-electricgm7_firmware
-
ls-electricgm7u_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02