Required CVE Record Information
Description
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.
CVSS 1 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 9.1 | CRITICAL | 3.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Credits
- HeeA Go of Dankook University reported these vulnerabilities finder
References 1 Total
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.