🛡️ CVE-2022-2758
🟡 CVSS 6.5 — Medium ✅ No Known Exploit CWE-326 NVD
6.5
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.

Details

Severity MEDIUM
CVSS Score 6.5
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE CWE-326
Public Exploit ✅ No
Source NVD
Published 2022-08-31
Updated 2026-06-08
Modified 2024-11-21
Fix URL N/A

Affected Packages

Software From version Fixed in
gm7-firmware
gm7u-firmware
k120s-firmware
k80s-firmware
xbc-dn\(p\)32u-firmware
xbc-dn\(p\)32u\/dc-firmware
xbc-dn\(p\)32ua-firmware
xbc-dn\(p\)32ua\/dc-firmware
xbc-dn\(p\)32up-firmware
xbc-dn\(p\)32up\/dc-firmware
xbc-dn10e-firmware
xbc-dn14e-firmware
xbc-dn20e-firmware
xbc-dn20su-firmware
xbc-dn30e-firmware
xbc-dn30su-firmware
xbc-dn32h-firmware
xbc-dn32h\/dc-firmware
xbc-dn40su-firmware
xbc-dn60su-firmware
xbc-dn64h-firmware
xbc-dn64h\/dc-firmware
xbc-dp10e-firmware
xbc-dp14e-firmware
xbc-dp20e-firmware
xbc-dp20su-firmware
xbc-dp30e-firmware
xbc-dp30su-firmware
xbc-dp40su-firmware
xbc-dp60su-firmware
xbc-dr10e-firmware
xbc-dr14e-firmware
xbc-dr20e-firmware
xbc-dr20su-firmware
xbc-dr28u-firmware
xbc-dr28u\/dc-firmware
xbc-dr28ua-firmware
xbc-dr28ua\/dc-firmware
xbc-dr28up-firmware
xbc-dr28up\/dc-firmware
xbc-dr30e-firmware
xbc-dr30su-firmware
xbc-dr32h-firmware
xbc-dr32h\/dc-firmware
xbc-dr40su-firmware
xbc-dr60su-firmware
xbc-dr64h-firmware
xbc-dr64h\/dc-firmware
xbe-ac08a-firmware
xbe-dc08a-firmware
xbe-dc16a-firmware
xbe-dc16b-firmware
xbe-dc32a-firmware
xbe-dn32a-firmware
xbe-dr16a-firmware
xbe-dr32a-firmware
xbe-ry08a-firmware
xbe-ry08b-firmware
xbe-ry16a-firmware
xbe-tn08a-firmware
xbe-tn16a-firmware
xbe-tn32a-firmware
xbe-tp08a-firmware
xbe-tp16a-firmware
xbe-tp32a-firmware
xbf-ad04a-firmware
xbf-ad04c-firmware
xbf-ad08a-firmware
xbf-ah04a-firmware
xbf-dc04a-firmware
xbf-dc04c-firmware
xbf-dv04a-firmware
xbf-dv04c-firmware
xbf-hd02a-firmware
xbf-ho02a-firmware
xbf-pd02a-firmware
xbf-pn04b-firmware
xbf-pn08b-firmware
xbf-rd04a-firmware
xbf-tc04rt-firmware
xbf-tc04s-firmware
xbf-tc04tt-firmware
xbg-pn04b-firmware
xbg-pn08b-firmware
xbm-dn16s-firmware
xbm-dn32h2-firmware
xbm-dn32hp-firmware
xbm-dn32s-firmware
xbm-dp16s-firmware
xbm-dp32h2-firmware
xbm-dp32hp-firmware
xbo-ad02a-firmware
xbo-ah02a-firmware
xbo-da02a-firmware
xbo-dc04a-firmware
xbo-m2mb-firmware
xbo-rd01a-firmware
xbo-rtca-firmware
xbo-tc02a-firmware
xbo-tn04a-firmware
xec-dn\(p\)32u-firmware
xec-dn\(p\)32u\/dc-firmware
xec-dn\(p\)32ua-firmware
xec-dn\(p\)32ua\/dc-firmware
xec-dn\(p\)32up-firmware
xec-dn\(p\)32up\/dc-firmware
xec-dn10e-firmware
xec-dn14e-firmware
xec-dn20e-firmware
xec-dn20su-firmware
xec-dn30e-firmware
xec-dn30su-firmware
xec-dn32h-firmware
xec-dn40su-firmware
xec-dn60su-firmware
xec-dn64h-firmware
xec-dp10e-firmware
xec-dp14e-firmware
xec-dp20e-firmware
xec-dp20su-firmware
xec-dp30e-firmware
xec-dp30su-firmware
xec-dp32h-firmware
xec-dp40su-firmware
xec-dp60su-firmware
xec-dp64h-firmware
xec-dr10e-firmware
xec-dr14e-firmware
xec-dr20e-firmware
xec-dr20su-firmware
xec-dr28u-firmware
xec-dr28u\/dc-firmware
xec-dr28ua-firmware
xec-dr28ua\/dc-firmware
xec-dr28up-firmware
xec-dr28up\/dc-firmware
xec-dr30e-firmware
xec-dr30su-firmware
xec-dr32h-firmware
xec-dr32h\/d1-firmware
xec-dr32h\/di-firmware
xec-dr40su-firmware
xec-dr60su-firmware
xec-dr64h-firmware
xec-dr64h\/d1-firmware
xec-dr64h\/di-firmware
xem-dn32h2-firmware
xem-dn32hp-firmware
xem-dp32h2-firmware
xem-dp32hp-firmware
xg5000
xgf-ac4h-firmware
xgf-ac8a-firmware
xgf-ad16a-firmware
xgf-ah6a-firmware
xgf-av8a-firmware
xgf-aw4s-firmware
xgf-dc4a-firmware
xgf-dc4h-firmware
xgf-dc4s-firmware
xgf-dc8a-firmware
xgf-dl16a-firmware
xgf-dv4a-firmware
xgf-dv4s-firmware
xgf-dv8a-firmware
xgf-h08a-firmware
xgf-hd2a-firmware
xgf-ho2a-firmware
xgf-m32e-firmware
xgf-pd1h-firmware
xgf-pd2h-firmware
xgf-pd3h-firmware
xgf-pd4h-firmware
xgf-pn4b-firmware
xgf-pn8a-firmware
xgf-pn8b-firmware
xgf-po1h-firmware
xgf-po2h-firmware
xgf-po3h-firmware
xgf-po4h-firmware
xgf-rd4a-firmware
xgf-rd4s-firmware
xgf-rd8a-firmware
xgf-soea-firmware
xgf-tc4rt-firmware
xgf-tc4s-firmware
xgf-tc4ud-firmware
xgi-a12a-firmware
xgi-a21a-firmware
xgi-a21c-firmware
xgi-cpue-firmware
xgi-cpuh-firmware
xgi-cpus-firmware
xgi-cpuu-firmware
xgi-cpuu\/d-firmware
xgi-cpuun-firmware
xgi-d21a-firmware
xgi-d22a-firmware
xgi-d22b-firmware
xgi-d24a-firmware
xgi-d24b-firmware
xgi-d28a-firmware
xgi-d28b-firmware
xgk-cpua-firmware
xgk-cpue-firmware
xgk-cpuh-firmware
xgk-cpuhn-firmware
xgk-cpus-firmware
xgk-cpusn-firmware
xgk-cpuu-firmware
xgk-cpuun-firmware
xgk-xpuh-firmware
xgl-c22b-firmware
xgl-c42b-firmware
xgl-ch2b-firmware
xgl-dmeb-firmware
xgl-efmfb-firmware
xgl-efmtb-firmware
xgl-pmeb-firmware
xgl-psea-firmware
xgl-psra-firmware
xgq-ry1a-firmware
xgq-ry2a-firmware
xgq-ry2b-firmware
xgq-ss2a-firmware
xgq-tr1c-firmware
xgq-tr2a-firmware
xgq-tr2b-firmware
xgq-tr4a-firmware
xgq-tr4b-firmware
xgq-tr8a-firmware
xgq-tr8b-firmware
xgr-cpuh\/f-firmware
xgr-cpuh\/s-firmware
xgr-cpuh\/t-firmware

References

Third Party Advisory, US Government Resource https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02
Third Party Advisory, US Government Resource https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02

Patch Gap Protection

Running software with known vulnerabilities?

BotEraser can help reduce exposure by blocking IPs associated with exploit activity — even before a patch is available.

Start Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.