Search
Find a vulnerability
Search criteria
2 vulnerabilities by LS Industrial Systems (LSIS) Co. Ltd LS Electric
CVE-2022-2758 (GCVE-0-2022-2758)
Vulnerability from nvd – Published: 2022-08-31 15:33 – Updated: 2025-04-16 16:11
VLAI
EPSS
VEX
Title
Update
Summary
Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
1 reference
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | XG5000 |
Affected:
All versions , < V4.0
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGB-XECH |
Affected:
All versions , < V1.30
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGB-XBCH |
Affected:
All versions , < V1.90
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGB-XBMS |
Affected:
All versions , < V3.00
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGR-CPUH |
Affected:
All versions , < V1.80
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGI-CPUU/UD/H/S/E |
Affected:
All versions , < V3.20
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGK-CPUU/H/A/S/E |
Affected:
All versions , < V3.50
(custom)
|
Date Public
2022-08-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:15.763986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:11:29.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "XG5000",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGB-XECH",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V1.30",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGB-XBCH",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V1.90",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGB-XBMS",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V3.00",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGR-CPUH",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V1.80",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGI-CPUU/UD/H/S/E",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V3.20",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGK-CPUU/H/A/S/E",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V3.50",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hong-Gi Kin of the Korea Internet \u0026 Security Agency (KISA) reported this vulnerability."
}
],
"datePublic": "2022-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC\u2019s communication traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Update",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2758",
"datePublished": "2022-08-31T15:33:03.944Z",
"dateReserved": "2022-08-10T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:11:29.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2758 (GCVE-0-2022-2758)
Vulnerability from cvelistv5 – Published: 2022-08-31 15:33 – Updated: 2025-04-16 16:11
VLAI
EPSS
VEX
Title
Update
Summary
Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
1 reference
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | XG5000 |
Affected:
All versions , < V4.0
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGB-XECH |
Affected:
All versions , < V1.30
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGB-XBCH |
Affected:
All versions , < V1.90
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGB-XBMS |
Affected:
All versions , < V3.00
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGR-CPUH |
Affected:
All versions , < V1.80
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGI-CPUU/UD/H/S/E |
Affected:
All versions , < V3.20
(custom)
|
|
| LS Industrial Systems (LSIS) Co. Ltd LS Electric | PLC: XGK-CPUU/H/A/S/E |
Affected:
All versions , < V3.50
(custom)
|
Date Public
2022-08-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:04.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:50:15.763986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:11:29.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "XG5000",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGB-XECH",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V1.30",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGB-XBCH",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V1.90",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGB-XBMS",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V3.00",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGR-CPUH",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V1.80",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGI-CPUU/UD/H/S/E",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V3.20",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"product": "PLC: XGK-CPUU/H/A/S/E",
"vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
"versions": [
{
"lessThan": "V3.50",
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hong-Gi Kin of the Korea Internet \u0026 Security Agency (KISA) reported this vulnerability."
}
],
"datePublic": "2022-08-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC\u2019s communication traffic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Update",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2758",
"datePublished": "2022-08-31T15:33:03.944Z",
"dateReserved": "2022-08-10T00:00:00.000Z",
"dateUpdated": "2025-04-16T16:11:29.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}