ID

VAR-202302-0672


CVE

CVE-2023-22806


TITLE

Cleartext transmission of sensitive information vulnerability in LS ELECTRIC XBC-DN32U firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-004159

DESCRIPTION

LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials. The LS ELECTRIC XBC-DN32U firmware contains a vulnerability involving the transmission of sensitive information in plaintext. Information may be obtained. LS ELECTRIC XBC-DN32U is a programmable logic controller (PLC) produced by LS ELECTRIC in Korea.

Trust: 2.25

sources: NVD: CVE-2023-22806 // JVNDB: JVNDB-2023-004159 // CNVD: CNVD-2023-21681 // VULMON: CVE-2023-22806

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-21681

AFFECTED PRODUCTS

vendor: ls electric, model: xbc-dn32u, scope: eq, version: 01.80

Trust: 1.0

vendor: ls electric, model: xbc-dn32u, scope: eq, version: xbc-dn32u firmware 01.80

Trust: 0.8

vendor: ls electric, model: xbc-dn32u, scope: eq, version: -

Trust: 0.8

vendor: ls electric, model: xbc-dn32u, scope: -, version: -

Trust: 0.8

vendor: ls, model: electric xbc-dn32u, scope: eq, version: 01.80

Trust: 0.6

sources: CNVD: CNVD-2023-21681 // JVNDB: JVNDB-2023-004159 // NVD: CVE-2023-22806

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-22806
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2023-22806
value: HIGH

Trust: 1.0

NVD: CVE-2023-22806
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-21681
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202302-1270
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2023-21681
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-22806
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2023-22806
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-21681 // JVNDB: JVNDB-2023-004159 // CNNVD: CNNVD-202302-1270 // NVD: CVE-2023-22806 // NVD: CVE-2023-22806

PROBLEMTYPE DATA

problemtype: CWE-319

Trust: 1.0

problemtype: Sending important information in clear text (CWE-319) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004159 // NVD: CVE-2023-22806

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1270

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1270

EXTERNAL IDS

db: NVD, id: CVE-2023-22806

Trust: 3.9

db: ICS CERT, id: ICSA-23-040-02

Trust: 3.1

db: JVN, id: JVNVU97136726

Trust: 0.8

db: JVNDB, id: JVNDB-2023-004159

Trust: 0.8

db: CNVD, id: CNVD-2023-21681

Trust: 0.6

db: CNNVD, id: CNNVD-202302-1270

Trust: 0.6

db: VULMON, id: CVE-2023-22806

Trust: 0.1

sources: CNVD: CNVD-2023-21681 // VULMON: CVE-2023-22806 // JVNDB: JVNDB-2023-004159 // CNNVD: CNNVD-202302-1270 // NVD: CVE-2023-22806

REFERENCES

url: https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02

Trust: 3.1

url: https://jvn.jp/vu/jvnvu97136726/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2023-22806

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2023-22806/

Trust: 0.6

sources: CNVD: CNVD-2023-21681 // VULMON: CVE-2023-22806 // JVNDB: JVNDB-2023-004159 // CNNVD: CNNVD-202302-1270 // NVD: CVE-2023-22806

SOURCES

db: CNVD, id: CNVD-2023-21681
db: VULMON, id: CVE-2023-22806
db: JVNDB, id: JVNDB-2023-004159
db: CNNVD, id: CNNVD-202302-1270
db: NVD, id: CVE-2023-22806

LAST UPDATE DATE

2024-08-14T13:42:05.046000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-21681, date: 2023-03-29T00:00:00
db: JVNDB, id: JVNDB-2023-004159, date: 2023-10-26T04:56:00
db: CNNVD, id: CNNVD-202302-1270, date: 2023-02-27T00:00:00
db: NVD, id: CVE-2023-22806, date: 2023-11-07T04:07:25.573

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-21681, date: 2023-03-29T00:00:00
db: JVNDB, id: JVNDB-2023-004159, date: 2023-10-26T00:00:00
db: CNNVD, id: CNNVD-202302-1270, date: 2023-02-15T00:00:00
db: NVD, id: CVE-2023-22806, date: 2023-02-15T18:15:12.003