Lucene search

JpcertCVE-2022-21808

HistoryMar 11, 2022 - 9:15 a.m.

CVE-2022-21808

2022-03-1109:15:11

CWE-23

CWE-22

jpcert

web.nvd.nist.gov

cve-2022-21808

nvd

security vulnerability

yokogawa electric

path traversal

centum cs 3000

centum vp

exaopc

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

48.4%

JSON

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Affected configurations

Nvd

Vulners

Node

yokogawacentum_cs_3000_firmwareRanger3.08.10–r3.09.00

AND

yokogawacentum_cs_3000Match-

Node

yokogawacentum_cs_3000_entry_firmwareRanger3.08.10–r3.09.00

AND

yokogawacentum_cs_3000_entryMatch-

Node

yokogawacentum_vp_firmwareRanger4.01.00–r4.03.00

yokogawacentum_vp_firmwareRanger5.01.00–r5.04.20

yokogawacentum_vp_firmwareRanger6.01.00–r6.09.00

AND

yokogawacentum_vpMatch-

Node

yokogawacentum_vp_entry_firmwareRanger4.01.00–r4.03.00

yokogawacentum_vp_entry_firmwareRanger5.01.00–r5.04.20

yokogawacentum_vp_entry_firmwareRanger6.01.00–r6.09.00

AND

yokogawacentum_vp_entryMatch-

Node

yokogawaexaopcRanger3.72.00–r3.80.00

VendorProductVersionCPE
yokogawacentum_cs_3000_firmware*cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*
yokogawacentum_cs_3000-cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*
yokogawacentum_cs_3000_entry_firmware*cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*
yokogawacentum_cs_3000_entry-cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*
yokogawacentum_vp_firmware*cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*
yokogawacentum_vp-cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*
yokogawacentum_vp_entry_firmware*cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*
yokogawacentum_vp_entry-cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*
yokogawaexaopc*cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yokogawa	centum_cs_3000_firmware	*	cpe:2.3:o:yokogawa:centum_cs_3000_firmware::::::::
yokogawa	centum_cs_3000	-	cpe:2.3:h:yokogawa:centum_cs_3000:-:::::::*
yokogawa	centum_cs_3000_entry_firmware	*	cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware::::::::
yokogawa	centum_cs_3000_entry	-	cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:::::::*
yokogawa	centum_vp_firmware	*	cpe:2.3:o:yokogawa:centum_vp_firmware::::::::
yokogawa	centum_vp	-	cpe:2.3:h:yokogawa:centum_vp:-:::::::*
yokogawa	centum_vp_entry_firmware	*	cpe:2.3:o:yokogawa:centum_vp_entry_firmware::::::::
yokogawa	centum_vp_entry	-	cpe:2.3:h:yokogawa:centum_vp_entry:-:::::::*
yokogawa	exaopc	*	cpe:2.3:a:yokogawa:exaopc::::::::

CNA Affected

[
  {
    "product": "CENTUM CS 3000",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "versions from R3.08.10 to R3.09.00"
      }
    ]
  },
  {
    "product": "CENTUM VP",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "versions from R4.01.00 to R4.03.00"
      },
      {
        "status": "affected",
        "version": "versions from R5.01.00 to R5.04.20"
      },
      {
        "status": "affected",
        "version": "versions from R6.01.00 to R6.08.00"
      }
    ]
  },
  {
    "product": "Exaopc",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "versions from R3.72.00 to R3.79.00"
      }
    ]
  }
]

References

web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

48.4%

JSON

Related for CVE-2022-21808