CVE-2022-2758: Update

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-2758

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Update

Source: NVD (National Vulnerability Database)

Vulnerability Description

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

不充分的加密强度

Source: NVD (National Vulnerability Database)

Vulnerability Title

LS ELECTRIC PLC 和 XG5000 加密问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

LS ELECTRIC PLC是韩国LS 产电（LS ELECTRIC）公司的一种可编程逻辑控制器。 LS Electric PLC 和 XG5000 存在加密问题漏洞，该漏洞源于在通信过程中，密码没有被充分加密，这可能允许攻击者通过嗅探流量来识别和解密受影响的 PLC 的密码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
LS Industrial Systems (LSIS) Co. Ltd LS Electric	XG5000	All versions ~ V4.0	-
LS Industrial Systems (LSIS) Co. Ltd LS Electric	PLC: XGB-XECH	All versions ~ V1.30	-
LS Industrial Systems (LSIS) Co. Ltd LS Electric	PLC: XGB-XBCH	All versions ~ V1.90	-
LS Industrial Systems (LSIS) Co. Ltd LS Electric	PLC: XGB-XBMS	All versions ~ V3.00	-
LS Industrial Systems (LSIS) Co. Ltd LS Electric	PLC: XGR-CPUH	All versions ~ V1.80	-
LS Industrial Systems (LSIS) Co. Ltd LS Electric	PLC: XGI-CPUU/UD/H/S/E	All versions ~ V3.20	-
LS Industrial Systems (LSIS) Co. Ltd LS Electric	PLC: XGK-CPUU/H/A/S/E	All versions ~ V3.50	-

II. Public POCs for CVE-2022-2758

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-2758

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same weakness: CWE-326

V. Comments for CVE-2022-2758

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2022-2758

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-2758

III. Intelligence Information for CVE-2022-2758

IV. Related Vulnerabilities

V. Comments for CVE-2022-2758

Leave a comment