CVE-2022-2758

Name: CVE-2022-2758
Creator: NVD / NIST
Published: 2022-08-31T16:15:11.383+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.9/10EPSS 0.31%

Last modified Jun 17, 2026

CVE-2022-2758 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. EPSS estimates a 0.31% chance of exploitation in the next 30 days.

Description

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.

Metrics

CVSS 3.1

5.9/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.31%

22.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-326

Affected Software

Vendor	Product	Versions
Ls-Electric	Xg5000	All versions
Ls-Electric	Xgk-Cpuun Firmware	All versions
Ls-Electric	Xgk-Cpuhn Firmware	All versions
Ls-Electric	Xgk-Cpusn Firmware	All versions
Ls-Electric	Xgk-Cpuu Firmware	All versions
Ls-Electric	Xgk-Cpuh Firmware	All versions
Ls-Electric	Xgk-Cpua Firmware	All versions
Ls-Electric	Xgk-Cpus Firmware	All versions
Ls-Electric	Xgk-Cpue Firmware	All versions
Ls-Electric	Xgi-Cpuun Firmware	All versions
Ls-Electric	Xgi-Cpuu Firmware	All versions
Ls-Electric	Xgi-Cpuh Firmware	All versions
Ls-Electric	Xgi-Cpus Firmware	All versions
Ls-Electric	Xgi-Cpue Firmware	All versions
Ls-Electric	Xgr-Cpuh\/F Firmware	All versions
Ls-Electric	Xgr-Cpuh\/T Firmware	All versions
Ls-Electric	Xgr-Cpuh\/S Firmware	All versions
Ls-Electric	Xgi-D21a Firmware	All versions
Ls-Electric	Xgi-D22a Firmware	All versions
Ls-Electric	Xgi-D22b Firmware	All versions
Ls-Electric	Xgi-D24a Firmware	All versions
Ls-Electric	Xgi-D24b Firmware	All versions
Ls-Electric	Xgi-D28a Firmware	All versions
Ls-Electric	Xgi-D28b Firmware	All versions
Ls-Electric	Xgi-A12a Firmware	All versions
Ls-Electric	Xgi-A21a Firmware	All versions
Ls-Electric	Xgi-A21c Firmware	All versions
Ls-Electric	Xgq-Ry1a Firmware	All versions
Ls-Electric	Xgq-Ry2a Firmware	All versions
Ls-Electric	Xgq-Ry2b Firmware	All versions
Ls-Electric	Xgq-Tr1c Firmware	All versions
Ls-Electric	Xgq-Tr2a Firmware	All versions
Ls-Electric	Xgq-Tr2b Firmware	All versions
Ls-Electric	Xgq-Tr4a Firmware	All versions
Ls-Electric	Xgq-Tr4b Firmware	All versions
Ls-Electric	Xgq-Tr8a Firmware	All versions
Ls-Electric	Xgq-Tr8b Firmware	All versions
Ls-Electric	Xgq-Ss2a Firmware	All versions
Ls-Electric	Xgf-Av8a Firmware	All versions
Ls-Electric	Xgf-Ac8a Firmware	All versions
Ls-Electric	Xgf-Ad16a Firmware	All versions
Ls-Electric	Xgf-Aw4s Firmware	All versions
Ls-Electric	Xgf-Dv4a Firmware	All versions
Ls-Electric	Xgf-Dc4a Firmware	All versions
Ls-Electric	Xgf-Dv8a Firmware	All versions
Ls-Electric	Xgf-Dc8a Firmware	All versions
Ls-Electric	Xgf-Dv4s Firmware	All versions
Ls-Electric	Xgf-Dc4s Firmware	All versions
Ls-Electric	Xgf-Ah6a Firmware	All versions
Ls-Electric	Xgf-Tc4s Firmware	All versions

Showing 50 of 235 affected configurations. See NVD for the full list.

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02Third Party Advisory, US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-02Third Party Advisory, US Government Resource

Timeline

Published: Aug 31, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-2758?

How severe is CVE-2022-2758?

CVE-2022-2758 has a CVSS score of 5.9/10 (MEDIUM severity). The EPSS model estimates a 0.31% probability of exploitation in the next 30 days.

How do I fix CVE-2022-2758?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-2758?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST