CVE-2022-2758 Information

Description

All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming software are affected where passwords are not adequately encrypted during the communication process between the XG5000 software and the affected PLC. This would allow an attacker to identify and decrypt the affected PLC’s password by sniffing the traffic.

Reference

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02