ID
VAR-202302-0671
CVE
CVE-2023-22807
TITLE
ls-electric of xbc-dn32u Firmware vulnerabilities
Trust: 0.8
DESCRIPTION
LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol. ls-electric of xbc-dn32u There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. LS ELECTRIC XBC-DN32U is a PLC programmable logic controller produced by LS ELECTRIC in Korea
Trust: 2.25
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | ls electric | model: | xbc-dn32u | scope: | eq | version: | 01.80 | Trust: 1.0 |
| vendor: | ls electric | model: | xbc-dn32u | scope: | eq | version: | xbc-dn32u firmware 01.80 | Trust: 0.8 |
| vendor: | ls electric | model: | xbc-dn32u | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | ls electric | model: | xbc-dn32u | scope: | - | version: | - | Trust: 0.8 |
| vendor: | ls | model: | electric xbc-dn32u | scope: | eq | version: | 01.80 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | CWE-284 | Trust: 1.0 |
| problemtype: | Lack of information (CWE-noinfo) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
access control error
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-22807 | Trust: 3.9 |
| db: | ICS CERT | id: | ICSA-23-040-02 | Trust: 3.1 |
| db: | JVN | id: | JVNVU97136726 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2023-004158 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2023-21677 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202302-1269 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2023-22807 | Trust: 0.1 |
REFERENCES
| url: | https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02 | Trust: 3.1 |
| url: | https://jvn.jp/vu/jvnvu97136726/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2023-22807 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2023-22807/ | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2023-21677 |
| db: | VULMON | id: | CVE-2023-22807 |
| db: | JVNDB | id: | JVNDB-2023-004158 |
| db: | CNNVD | id: | CNNVD-202302-1269 |
| db: | NVD | id: | CVE-2023-22807 |
LAST UPDATE DATE
2024-08-14T13:42:05.104000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2023-21677 | date: | 2023-03-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-004158 | date: | 2023-10-26T04:54:00 |
| db: | CNNVD | id: | CNNVD-202302-1269 | date: | 2023-02-27T00:00:00 |
| db: | NVD | id: | CVE-2023-22807 | date: | 2023-11-07T04:07:25.663 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2023-21677 | date: | 2023-03-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2023-004158 | date: | 2023-10-26T00:00:00 |
| db: | CNNVD | id: | CNNVD-202302-1269 | date: | 2023-02-15T00:00:00 |
| db: | NVD | id: | CVE-2023-22807 | date: | 2023-02-15T18:15:12.087 |