ICSA-22-228-02 · Published 2022-11-14 · View on CISA ICS-CERT ↗

LS ELECTRIC PLC and XG5000 (Update A)

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to decrypt credentials and gain full access to the affected programmable logic controller (PLC).

CVEs (1)

CVE-2022-2758

Remediations

LS ELECTRIC recommends that affected users update the firmware of LS ELECTRIC PLC and XG5000 to the newest version available:
LS ELECTRIC PLC: Contact the LS ELECTRIC Technical Center (Worldwide or South Korea) to upgrade the firmware.
LS ELECTRIC XG5000: Upgrade to version 4.0 or later. Visit LS ELECTRIC Download Center (Worldwide or South Korea) to download the upgrade.

Affected Vendors

LS ELECTRIC, LS Industrial Systems (LSIS) Co. Ltd

Affected Products (7)

LS ELECTRIC, LS Industrial Systems (LSIS) Co. Ltd · XGK-CPUU/H/A/S/E <V3.50

LS ELECTRIC, LS Industrial Systems (LSIS) Co. Ltd · XGI-CPUU/UD/H/S/E <V3.20

LS ELECTRIC, LS Industrial Systems (LSIS) Co. Ltd · XGR-CPUH <V1.80

LS ELECTRIC, LS Industrial Systems (LSIS) Co. Ltd · XGB-XBMS <V3.00

LS ELECTRIC, LS Industrial Systems (LSIS) Co. Ltd · XGB-XBCH <V1.90

LS ELECTRIC, LS Industrial Systems (LSIS) Co. Ltd · XGB-XECH <V1.30

LS ELECTRIC, LS Industrial Systems (LSIS) Co. Ltd · XG5000 <V4.0

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more