OTPulse

LS ELECTRIC XBC-DN32U

Act Now · CVSS 9.8 · ICS-CERT ICSA-23-040-02 · Feb 9, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

LS ELECTRIC XBC-DN32U Operating System (version 1.8) contains multiple vulnerabilities (CWE-306, CWE-284, CWE-319, CWE-788) that allow an attacker to steal PLC information, sever PLC communications, modify PLC code, obtain credentials, and cause denial-of-service conditions. The vulnerabilities carry a CVSS score of 9.8 (critical): they are exploitable over the network, require no authentication, and have low attack complexity.

What this means
What could happen
An attacker with network access could remotely extract PLC program logic and credentials, modify control code to alter process behavior, or disconnect the device from communications—disrupting plant operations and potentially allowing unsafe setpoint changes.
Who's at risk
Energy and manufacturing operators running LS ELECTRIC XBC-DN32U controllers in water treatment, power distribution, or process automation environments. Any facility using this PLC model for critical setpoint control, safety interlocks, or production logic is at risk.
How it could be exploited
An attacker on the network sends unauthenticated requests to the XBC-DN32U on its management port. The device fails to enforce access controls, allowing the attacker to read stored credentials, download the PLC program, or inject malicious code into the runtime without providing valid engineering credentials.
Prerequisites
  • Network access to the XBC-DN32U device (typically port 502 for Modbus or manufacturer-specific management ports)
  • No credentials required
  • Device must be reachable from attacker's network segment
  • remotely exploitable
  • no authentication required
  • low complexity
  • high CVSS (9.8)
  • no patch available
  • affects control logic and communications
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
XBC-DN32U: Operating System | 1.8 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Enable the Host Table option in the XBC-DN32U configuration to restrict PLC communication to known trusted IP addresses and devices only
HARDENING: Place the PLC behind a firewall and isolate the control network from business network segments
HARDENING: Minimize direct Internet exposure by ensuring the PLC is not accessible from outside your facility network
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: If remote access is required, deploy a VPN with current security patches and authenticate all remote sessions
Long-term hardening
HARDENING: Monitor for and report suspected malicious activity targeting the PLC to CISA