CVE-2022-30707

🗓️ 28 Jun 2022 10:05:59Reported by jpcertType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 74 Views

Violation of secure design principles in CAMS for HIS communication in CENTUM series, CENTUM VP, CENTUM VP Small, CENTUM VP Basic, Exaopc, B/M9000 CS, and B/M9000 VP can lead to adjacent attacker compromising and accessing data

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2022-30707	28 Jun 202213:15	–	attackerkb
BDU FSTEC	The vulnerabilities of distributed control systems such as CENTUM CS 3000, CENTUM VP, B/M9000 VP, B/M9000CS, and the OPC-server Exaopc are related to violations of secure design principles. These vulnerabilities allow attackers to access protected information or cause service failures.	17 Aug 202200:00	–	bdu_fstec
Circl	CVE-2022-30707	29 Jun 202204:42	–	circl
CNNVD	Yokogawa Exaopc 安全漏洞	23 Jun 202200:00	–	cnnvd
Cvelist	CVE-2022-30707	28 Jun 202210:05	–	cvelist
EUVD	EUVD-2022-52537	3 Oct 202520:07	–	euvd
ICS	Yokogawa CAMS for HIS	23 Jun 202200:00	–	ics
NVD	CVE-2022-30707	28 Jun 202213:15	–	nvd
OSV	CVE-2022-30707	28 Jun 202213:15	–	osv
Prion	Information disclosure	28 Jun 202213:15	–	prion

NVD

Node

yokogawa centum_cs_3000_firmwareRanger3.08.10–r3.09.00

AND

yokogawa centum_cs_3000Match-

Node

yokogawa centum_cs_3000_entry_class_firmwareRanger3.08.10–r3.09.00

AND

yokogawa centum_cs_3000_entry_classMatch-

Node

yokogawa centum_vp_firmwareRanger4.01.00–r4.03.00

yokogawa centum_vp_firmwareRanger5.01.00–r5.04.20

yokogawa centum_vp_firmwareRanger6.01.00–r6.09.00

AND

yokogawa centum_vpMatch-

Node

yokogawa centum_vp_entry_class_firmwareRanger4.01.00–r4.03.00

yokogawa centum_vp_entry_class_firmwareRanger5.01.00–r5.04.20

yokogawa centum_vp_entry_class_firmwareRanger6.01.00–r6.09.00

AND

yokogawa centum_vp_entry_classMatch-

Node

yokogawa exaopcRanger3.72.00–r3.80.00

Node

yokogawa b/m9000_vpRanger6.01.01–r8.03.01

yokogawa b/m9000csRanger5.04.01–r5.05.01

[
  {
    "product": "CAMS for HIS",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
      }
    ]
  }
]

Source	Link
jvn	www.jvn.jp/vu/JVNVU92819891/index.html
cisa	www.cisa.gov/uscert/ics/advisories/icsa-22-174-02
web-material3	www.web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf
web-material3	www.web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf

17 Jun 2026 04:44Current

8.5High risk

Vulners AI Score8.5

CVSS 25.4

CVSS 3.18.8

EPSS0.00579