CVE-2023-22803 HIGH

CVE-2023-22803: CVE-2023-22803

Vendor Ls Electric
Product XBC-DN32U
Weakness CWE-306 · Missing auth
Published February 15, 2023
Last update January 16, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily.

Key dates

02Disclosure timeline

February 15, 2023 CVE published
January 16, 2025 Record updated