CVE-2023-22806 – LS ELECTRIC XBC-DN32U programmable logic contro... (How to Fix)

Q: What is the severity of CVE-2023-22806?

CVE-2023-22806 has a CVSS score of 7.5 (HIGH). LS ELECTRIC XBC-DN32U programmable logic controllers transmit sensitive information like user credentials in cleartext over the XGT protocol. This allows attackers on the same network to intercept and steal authentication data. Organizations using these industrial control systems with version 01.80 are affected.

📋 TL;DR

LS ELECTRIC XBC-DN32U programmable logic controllers transmit sensitive information like user credentials in cleartext over the XGT protocol. This allows attackers on the same network to intercept and steal authentication data. Organizations using these industrial control systems with version 01.80 are affected.

💻 Affected Systems

Products:

LS ELECTRIC XBC-DN32U

Versions: Operating system version 01.80

Operating Systems: LS ELECTRIC proprietary OS

Default Config Vulnerable: ⚠️ Yes

Notes: All systems using XGT protocol communication with version 01.80 are vulnerable by default.

📦 What is this software?

Xbc Dn32u Firmware by Ls Electric

View all CVEs affecting Xbc Dn32u Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative credentials, take full control of industrial processes, manipulate operations, cause physical damage, or disrupt critical infrastructure.

🟠

Likely Case

Attackers intercept credentials, gain unauthorized access to PLCs, modify control logic, disrupt operations, or steal sensitive industrial data.

🟢

If Mitigated

With proper network segmentation and monitoring, attackers may capture credentials but cannot reach critical systems, limiting impact to isolated network segments.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires network access to intercept cleartext traffic; no authentication bypass needed once credentials are captured.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact LS ELECTRIC for updated firmware

Vendor Advisory: https://www.lselectric.com/security (check for specific advisory)

Restart Required: Yes

Instructions:

1. Contact LS ELECTRIC for firmware update
2. Backup current configuration
3. Apply firmware update following vendor instructions
4. Restart device
5. Verify encryption is enabled for XGT protocol

🔧 Temporary Workarounds

Network Segmentation

all

Isolate XBC-DN32U devices on separate VLANs with strict access controls

VPN Tunnel

all

Encapsulate XGT protocol traffic within encrypted VPN tunnels

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable devices from untrusted networks
Deploy network monitoring and intrusion detection to alert on cleartext credential transmission

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via programming software; if version is 01.80 and XGT protocol is used without encryption, device is vulnerable

Check Version:

Use LS ELECTRIC XG5000 programming software to read PLC version information

Verify Fix Applied:

Verify firmware version is updated beyond 01.80 and confirm XGT protocol traffic is encrypted using network packet analysis

📡 Detection & Monitoring

Log Indicators:

Failed authentication attempts from unexpected IPs
Multiple login attempts in short time

Network Indicators:

Cleartext transmission of credentials on port 2004 (default XGT port)
Unencrypted XGT protocol traffic containing authentication strings

SIEM Query:

source_port:2004 AND protocol:XGT AND (content:"password" OR content:"login" OR content:"auth")

📊 Metadata

CVE ID: CVE-2023-22806

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-319

Published: February 15, 2023

Last Updated: November 21, 2024

🔗 References

https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02 Third Party Advisory,US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-02 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-22806, you might also want to check these: