CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
48.4%
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Vendor | Product | Version | CPE |
---|---|---|---|
yokogawa | centum_cs_3000_firmware | * | cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:* |
yokogawa | centum_cs_3000 | - | cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:* |
yokogawa | centum_cs_3000_entry_firmware | * | cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:* |
yokogawa | centum_cs_3000_entry | - | cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:* |
yokogawa | centum_vp_firmware | * | cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:* |
yokogawa | centum_vp | - | cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:* |
yokogawa | centum_vp_entry_firmware | * | cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:* |
yokogawa | centum_vp_entry | - | cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:* |
yokogawa | exaopc | * | cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:* |
[
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
48.4%