How severe is CVE-2022-2758?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2022-2758?

This is classified as CWE-326, which is a common weakness in software security.

CVE-2022-2758 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric XG5000 software prior to V4.0 and LS Electric PLCs: all versions of XGK-CPUU/H/A/S/E prior to V3.50, all versions of XGI-CPUU/UD/H/S/E prior to V3.20, all versions of XGR-CPUH prior to V1.80, all versions of XGB-XBMS prior to V3.00, all versions of XGB-XBCH prior to V1.90, and all versions of XGB-XECH prior to V1.30. This would allow an attacker to identify and decrypt the password of the affected PLCs by sniffing the PLC’s communication traffic.

Related Vulnerabilities

CVE-2005-4900

MEDIUM

CVSS:5.9(Medium)

SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to...

CWE-3262005

CVE-2013-2566

MEDIUM

CVSS:5.9(Medium)

The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis ...

CWE-3262013

CVE-2016-10104

MEDIUM

CVSS:5.9(Medium)

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP ...

CWE-3262016

CVE-2016-4685

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the "iTunes Backup" component, which improperly hashes passwords, making it easier to decrypt files.

CWE-3262016

CVE-2016-6225

MEDIUM

CVSS:5.9(Medium)

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain s...

CWE-3262016

CVE-2017-1179

MEDIUM

CVSS:5.9(Medium)

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431.

CWE-3262017