ICSA-23-040-02 · Published 2023-02-09 · View on CISA ICS-CERT ↗

LS ELECTRIC XBC-DN32U

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to steal Programmable Logic Controller (PLC) information, cause users to lose communication with the PLC, modify PLC code, obtain credentials, and create a denial-of-service condition.

CVEs (7)

CVE-2023-22803 CVE-2023-22804 CVE-2023-22805 CVE-2023-22806 CVE-2023-22807 CVE-2023-0102 CVE-2023-0103

Remediations

Restrict communication to the PLC to only trusted IP addresses and trusted devices by enabling the “Host Table” option in the configuration window of the PLC.

Affected Vendors

LS ELECTRIC, LS Industrial Systems (LSIS) Co. Ltd-

Affected Products (1)

LS ELECTRIC, LS Industrial Systems (LSIS) Co. Ltd- · XBC-DN32U 1.8

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more