Update
CVE-2022-2758

6.5MEDIUM

Key Information:

Vendor: Ls Industrial Systems (lsis) Co. Ltd Ls Electric
Status: Xg5000; Plc: Xgb-xech; Plc: Xgb-xbch; Plc: Xgb-xbms
Vendor: CVE Published:; 31 August 2022

🔔 Create Ls Industrial Systems (lsis) Co. Ltd Ls Electric Vulnerability Alert

What is CVE-2022-2758?

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PLC: XGB-XBCH All versions

PLC: XGB-XBMS All versions

PLC: XGB-XECH All versions

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 31, 2022
Vulnerability Reserved
Aug 10, 2022

Credit

Hong-Gi Kin of the Korea Internet & Security Agency (KISA) reported this vulnerability.

JSON

Ls Industrial Systems (lsis) Co. Ltd Ls Electric