Skip to main content

Xg5000 CVE-2022-2758

MEDIUM
Inadequate Encryption Strength (CWE-326)
2022-08-31 ics-cert@hq.dhs.gov
Information Disclosure Xg5000 Xgk Cpuun Firmware Xgk Cpuhn Firmware Xgk Cpusn Firmware Xgk Cpuu Firmware Xgk Cpuh Firmware Xgk Cpua Firmware Xgk Cpus Firmware Xgk Cpue Firmware Xgi Cpuun Firmware Xgi Cpuu Firmware Xgi Cpuh Firmware Xgi Cpus Firmware Xgi Cpue Firmware Xgr Cpuh F Firmware Xgr Cpuh T Firmware Xgr Cpuh S Firmware Xgi D21A Firmware Xgi D22A Firmware Xgi D22B Firmware Xgi D24A Firmware Xgi D24B Firmware Xgi D28A Firmware Xgi D28B Firmware Xgi A12A Firmware Xgi A21A Firmware Xgi A21C Firmware Xgq Ry1A Firmware Xgq Ry2A Firmware Xgq Ry2B Firmware Xgq Tr1C Firmware Xgq Tr2A Firmware Xgq Tr2B Firmware Xgq Tr4A Firmware Xgq Tr4B Firmware Xgq Tr8A Firmware Xgq Tr8B Firmware Xgq Ss2A Firmware Xgf Av8A Firmware Xgf Ac8A Firmware Xgf Ad16A Firmware Xgf Aw4S Firmware Xgf Dv4A Firmware Xgf Dc4A Firmware Xgf Dv8A Firmware Xgf Dc8A Firmware Xgf Dv4S Firmware Xgf Dc4S Firmware Xgf Ah6A Firmware Xgf Tc4S Firmware Xgf Rd4A Firmware Xgf Rd4S Firmware Xgf Rd8A Firmware Xgf Tc4Ud Firmware Xgf Tc4Rt Firmware Xgf Ho2A Firmware Xgf Hd2A Firmware Xgf H08A Firmware Xgf Ac4H Firmware Xgf Dc4H Firmware Xgf Soea Firmware Xgf Dl16A Firmware Xgf M32E Firmware Xgf Pn8A Firmware Xgf Pn8B Firmware Xgf Pn4B Firmware Xgf Po1H Firmware Xgf Po2H Firmware Xgf Po3H Firmware Xgf Po4H Firmware Xgf Pd1H Firmware Xgf Pd2H Firmware Xgf Pd3H Firmware Xgf Pd4H Firmware Xgl Efmtb Firmware Xgl Efmfb Firmware Xgl Dmeb Firmware Xgl C22B Firmware Xgl Ch2B Firmware Xgl C42B Firmware Xgl Pmeb Firmware Xgl Psea Firmware Xgl Psra Firmware Xgk Xpuh Firmware Xgi Cpuu D Firmware Xec Dn P 32U Firmware Xec Dr28U Firmware Xec Dn P 32Up Firmware Xec Dr28Up Firmware Xec Dn P 32Ua Firmware Xec Dr28Ua Firmware Xec Dn P 32U Dc Firmware Xec Dr28U Dc Firmware Xec Dn P 32Up Dc Firmware Xec Dr28Up Dc Firmware Xec Dn P 32Ua Dc Firmware Xec Dr28Ua Dc Firmware Xec Dr32H Firmware Xec Dr64H Firmware Xec Dn32H Firmware Xec Dn64H Firmware Xbc Dn P 32U Firmware Xbc Dr28U Firmware Xbc Dn P 32Up Firmware Xbc Dr28Up Firmware Xbc Dn P 32Ua Firmware Xbc Dr28Ua Firmware Xbc Dn P 32U Dc Firmware Xbc Dr28U Dc Firmware Xbc Dn P 32Up Dc Firmware Xbc Dr28Up Dc Firmware Xbc Dn P 32Ua Dc Firmware Xbc Dr28Ua Dc Firmware Xbc Dr32H Firmware Xbc Dr64H Firmware Xbc Dn32H Firmware Xbc Dn64H Firmware Xec Dp32H Firmware Xec Dp64H Firmware Xbc Dr32H Dc Firmware Xbc Dr64H Dc Firmware Xbc Dn32H Dc Firmware Xec Dr32H D1 Firmware Xec Dr64H D1 Firmware Xec Dr20Su Firmware Xec Dr30Su Firmware Xec Dr40Su Firmware Xec Dr60Su Firmware Xec Dn20Su Firmware Xec Dn30Su Firmware Xec Dn40Su Firmware Xec Dn60Su Firmware Xec Dp20Su Firmware Xec Dp30Su Firmware Xec Dp40Su Firmware Xec Dp60Su Firmware Xec Dr10E Firmware Xec Dr14E Firmware Xec Dr20E Firmware Xec Dr30E Firmware Xec Dn10E Firmware Xec Dn14E Firmware Xec Dn20E Firmware Xec Dp10E Firmware Xec Dp14E Firmware Xec Dp20E Firmware Xec Dp30E Firmware Xbc Dr20Su Firmware Xbc Dr30Su Firmware Xbc Dr40Su Firmware Xbc Dr60Su Firmware Xbc Dn20Su Firmware Xbc Dn30Su Firmware Xbc Dn40Su Firmware Xbc Dn60Su Firmware Xbc Dp20Su Firmware Xbc Dp30Su Firmware Xbc Dp40Su Firmware Xbc Dp60Su Firmware Xbc Dr10E Firmware Xbc Dr14E Firmware Xbc Dr20E Firmware Xbc Dr30E Firmware Xbc Dn10E Firmware Xbc Dn14E Firmware Xbc Dn20E Firmware Xbc Dp10E Firmware Xbc Dp14E Firmware Xbc Dp20E Firmware Xbc Dp30E Firmware Xem Dn32H2 Firmware Xem Dn32Hp Firmware Xem Dp32H2 Firmware Xem Dp32Hp Firmware Xbm Dn32H2 Firmware Xbm Dn32Hp Firmware Xbm Dp32H2 Firmware Xbm Dp32Hp Firmware Xbm Dp16S Firmware Xbm Dn16S Firmware Xbm Dn32S Firmware Xbe Ac08A Firmware Xbe Dc08A Firmware Xbe Dc16A Firmware Xbe Dc16B Firmware Xbe Dc32A Firmware Xbe Ry08A Firmware Xbe Ry08B Firmware Xbe Ry16A Firmware Xbe Tn08A Firmware Xbe Tn16A Firmware Xbe Tn32A Firmware Xbe Tp08A Firmware Xbe Tp16A Firmware Xbe Tp32A Firmware Xbe Dr16A Firmware Xbe Dr32A Firmware Xbf Ad04A Firmware Xbf Ad04C Firmware Xbf Ah04A Firmware Xbf Dv04A Firmware Xbf Dv04C Firmware Xbf Dc04A Firmware Xbf Dc04C Firmware Xbf Rd04A Firmware Xbf Tc04S Firmware Xbf Tc04Tt Firmware Xbf Tc04Rt Firmware Xbf Pd02A Firmware Xbf Pn08B Firmware Xbf Pn04B Firmware Xbf Ad08A Firmware Xbf Ho02A Firmware Xbf Hd02A Firmware Xbo Ad02A Firmware Xbo Da02A Firmware Xbo Ah02A Firmware Xbo Tc02A Firmware Xbo Rtca Firmware Xbo Dc04A Firmware Xbo Tn04A Firmware Xbo Rd01A Firmware Xbo M2Mb Firmware Xec Dr32H Di Firmware Xec Dr64H Di Firmware Xbc Dn64H Dc Firmware Xbc Dn30E Firmware Xec Dn30E Firmware Xbe Dn32A Firmware Xbg Pn04B Firmware Xbg Pn08B Firmware K80S Firmware K120S Firmware Gm7 Firmware Gm7U Firmware
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 31, 2022 - 16:15 nvd
MEDIUM 5.9

DescriptionNVD

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.

AnalysisAI

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-326. Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic. Affected products include: Ls-Electric Xg5000, Ls-Electric Xgk-Cpuun Firmware, Ls-Electric Xgk-Cpuhn Firmware, Ls-Electric Xgk-Cpusn Firmware, Ls-Electric Xgk-Cpuu Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2022-2758 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy