CVE-2022-30707

🗓️ 28 Jun 2022 10:05:59Reported by jpcertType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 69 Views

Violation of secure design principles in CAMS for HIS communication in CENTUM series, CENTUM VP, CENTUM VP Small, CENTUM VP Basic, Exaopc, B/M9000 CS, and B/M9000 VP can lead to adjacent attacker compromising and accessing data

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2022-30707	28 Jun 202213:15	–	attackerkb
Circl	CVE-2022-30707	29 Jun 202204:42	–	circl
CNNVD	Yokogawa Exaopc 安全漏洞	23 Jun 202200:00	–	cnnvd
Cvelist	CVE-2022-30707	28 Jun 202210:05	–	cvelist
EUVD	EUVD-2022-52537	3 Oct 202520:07	–	euvd
ICS	Yokogawa CAMS for HIS	23 Jun 202200:00	–	ics
NVD	CVE-2022-30707	28 Jun 202213:15	–	nvd
OSV	CVE-2022-30707	28 Jun 202213:15	–	osv
Prion	Information disclosure	28 Jun 202213:15	–	prion
Positive Technologies	PT-2022-4220 · Yokogawa · Exaopc +5	28 Jun 202200:00	–	ptsecurity

NVD

Node

yokogawa centum_cs_3000_firmwareRanger3.08.10–r3.09.00

AND

yokogawa centum_cs_3000Match-

Node

yokogawa centum_cs_3000_entry_class_firmwareRanger3.08.10–r3.09.00

AND

yokogawa centum_cs_3000_entry_classMatch-

Node

yokogawa centum_vp_firmwareRanger4.01.00–r4.03.00

yokogawa centum_vp_firmwareRanger5.01.00–r5.04.20

yokogawa centum_vp_firmwareRanger6.01.00–r6.09.00

AND

yokogawa centum_vpMatch-

Node

yokogawa centum_vp_entry_class_firmwareRanger4.01.00–r4.03.00

yokogawa centum_vp_entry_class_firmwareRanger5.01.00–r5.04.20

yokogawa centum_vp_entry_class_firmwareRanger6.01.00–r6.09.00

AND

yokogawa centum_vp_entry_classMatch-

Node

yokogawa exaopcRanger3.72.00–r3.80.00

Node

yokogawa b/m9000_vpRanger6.01.01–r8.03.01

yokogawa b/m9000csRanger5.04.01–r5.05.01

[
  {
    "product": "CAMS for HIS",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
      }
    ]
  }
]

Source	Link
jvn	www.jvn.jp/vu/JVNVU92819891/index.html
cisa	www.cisa.gov/uscert/ics/advisories/icsa-22-174-02
web-material3	www.web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf
web-material3	www.web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf

21 Nov 2024 07:03Current

8.5High risk

Vulners AI Score8.5

CVSS 25.4

CVSS 3.18.8

EPSS0.00717