cve/2023/CVE-2023-22804.md

### [CVE-2023-22804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22804)
![](https://img.shields.io/static/v1?label=Product&message=XBC-DN32U&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20Operating%20System%20Version%2001.80%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)

### Description

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/goheea/goheea
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-22804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22804)`
			`![](https://img.shields.io/static/v1?label=Product&message=XBC-DN32U&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%20Operating%20System%20Version%2001.80%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)`

			`### Description`

			`LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and take control of the device.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/goheea/goheea`