CVE-2023-22806

Published Feb 15, 2023

Last updated a year ago

Overview

Description: LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

ics-cert@hq.dhs.gov: CWE-319

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ls-electric:xbc-dn32u_firmware:01.80:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "242DFA36-841D-457E-B4B7-592A73993C76"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ls-electric:xbc-dn32u:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "78A41BC8-F37E-41EE-BA99-AC992AC24F32"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References