The LS ELECTRIC XBC-DN32U with operating system version 01.80 has several vulnerabilities that could allow an attacker to steal information, cause users to lose communication with the PLC, modify PLC code, obtain credentials, and create a denial-of-service condition. These vulnerabilities have been assigned CVE-2023-22803, CVE-2023-22804, CVE-2023-22805, CVE-2023-22806, CVE-2023-22807, CVE-2023-0102, and CVE-2023-0103. To minimize the risk of exploitation of these vulnerabilities, CISA recommends users take defensive measures such as minimizing network exposure for all control system devices and/or systems, and ensuring they are not accessible from the Internet. Additionally, they suggest using secure methods such as Virtual Private Networks when remote access is required. Organizations observing suspected malicious activity should report findings to CISA. No known public exploits specifically target these vulnerabilities.
This Cyber News was published on us-cert.cisa.gov. Publication date: Thu, 09 Feb 2023 17:49:02 +0000