Unauthenticated User Creation Vulnerability in LS ELECTRIC XBC-DN32U PLC

Unauthenticated User Creation Vulnerability in LS ELECTRIC XBC-DN32U PLC

CVE-2023-22804 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.

Learn more about our User Device Pen Test.