CVE-2023-22803

Опубликовано: 15 фев. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ls-electric:xbc-dn32u_firmware:01.80:*:*:*:*:*:*:*

cpe:2.3:h:ls-electric:xbc-dn32u:-:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00076

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-ww7q-jpm3-9c64

CVSS3: 7.5

github

почти 3 года назад

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.

EPSS

Процентиль: 23%

0.00076

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-306