VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 15, 2023· Updated Jan 16, 2025

CVE-2023-22805

CVE-2023-22805

Description

LS ELECTRIC XBC-DN32U with OS version 01.80 has improper access control to its read prohibition feature, allowing a remote attacker to lock users out of reading data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LS ELECTRIC XBC-DN32U with OS version 01.80 has improper access control to its read prohibition feature, allowing a remote attacker to lock users out of reading data.

Vulnerability

The vulnerability exists in the LS ELECTRIC XBC-DN32U programmable logic controller (PLC) running operating system version 01.80. The device's read prohibition feature has improper access control, allowing the feature to be set remotely without proper authorization. [1]

Exploitation

An attacker can exploit this vulnerability remotely over the network without requiring authentication or user interaction. By sending a specially crafted request to the PLC, the attacker can enable the read prohibition feature, which locks out legitimate users from reading data from the device. [1]

Impact

Successful exploitation results in a denial-of-service condition where users are unable to read data from the PLC. This can lead to loss of visibility into the controlled process and potential operational disruption. [1]

Mitigation

No mitigation information is provided in the available reference. Users should contact LS ELECTRIC for firmware updates and consider network segmentation and access controls as compensating measures. [1]

References
  1. LS ELECTRIC XBC-DN32U | CISA

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Electricmonk/Xbc Dn32ullm-fuzzy2 versions
    = 01.80+ 1 more
    • (no CPE)range: = 01.80
    • (no CPE)range: Operating System Version 01.80

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.