cvedb.io
CVE-2023-22804
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2023-02-15T18:15:11.827 · Last modified 2026-06-17T05:36:12.567

Summary

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.

Affected products

ls-electric — xbc-dn32u_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when ls-electric ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.