CVE-2023-22806 HIGH

CVE-2023-22806: CVE-2023-22806

Vendor Ls Electric
Product XBC-DN32U
Weakness CWE-319 · Cleartext transmission
Published February 15, 2023
Last update January 16, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.

Key dates

02Disclosure timeline

February 15, 2023 CVE published
January 16, 2025 Record updated