Search

Find a vulnerability

Search criteria

    2 vulnerabilities by LS Industrial Systems (LSIS) Co. Ltd LS Electric

    CVE-2022-2758 (GCVE-0-2022-2758)

    Vulnerability from nvd – Published: 2022-08-31 15:33 – Updated: 2025-04-16 16:11
    VLAI
    Title
    Update
    Summary
    Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    Date Public
    2022-08-16 00:00
    Credits
    Hong-Gi Kin of the Korea Internet & Security Agency (KISA) reported this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:46:04.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2758",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:50:15.763986Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:11:29.230Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "XG5000",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V4.0",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGB-XECH",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V1.30",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGB-XBCH",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V1.90",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGB-XBMS",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V3.00",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGR-CPUH",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V1.80",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGI-CPUU/UD/H/S/E",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V3.20",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGK-CPUU/H/A/S/E",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V3.50",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Hong-Gi Kin of the Korea Internet \u0026 Security Agency (KISA) reported this vulnerability."
            }
          ],
          "datePublic": "2022-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC\u2019s communication traffic."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-14T00:00:00.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Update",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-2758",
        "datePublished": "2022-08-31T15:33:03.944Z",
        "dateReserved": "2022-08-10T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:11:29.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2758 (GCVE-0-2022-2758)

    Vulnerability from cvelistv5 – Published: 2022-08-31 15:33 – Updated: 2025-04-16 16:11
    VLAI
    Title
    Update
    Summary
    Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-326 - Inadequate Encryption Strength
    Assigner
    Date Public
    2022-08-16 00:00
    Credits
    Hong-Gi Kin of the Korea Internet & Security Agency (KISA) reported this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:46:04.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-2758",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:50:15.763986Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:11:29.230Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "XG5000",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V4.0",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGB-XECH",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V1.30",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGB-XBCH",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V1.90",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGB-XBMS",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V3.00",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGR-CPUH",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V1.80",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGI-CPUU/UD/H/S/E",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V3.20",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "PLC: XGK-CPUU/H/A/S/E",
              "vendor": "LS Industrial Systems (LSIS) Co. Ltd LS Electric",
              "versions": [
                {
                  "lessThan": "V3.50",
                  "status": "affected",
                  "version": "All versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Hong-Gi Kin of the Korea Internet \u0026 Security Agency (KISA) reported this vulnerability."
            }
          ],
          "datePublic": "2022-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC\u2019s communication traffic."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-326",
                  "description": "CWE-326 Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-14T00:00:00.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Update",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2022-2758",
        "datePublished": "2022-08-31T15:33:03.944Z",
        "dateReserved": "2022-08-10T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:11:29.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }