CVE-2022-21177

2022-03-1109:10:39

CWE-23

jpcert

www.cve.org

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

CNA Affected

[
  {
    "product": "CENTUM CS 3000",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "versions from R3.08.10 to R3.09.00"
      }
    ]
  },
  {
    "product": "CENTUM VP",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "versions from R4.01.00 to R4.03.00"
      },
      {
        "status": "affected",
        "version": "versions from R5.01.00 to R5.04.20"
      },
      {
        "status": "affected",
        "version": "versions from R6.01.00 to R6.08.00"
      }
    ]
  },
  {
    "product": "Exaopc",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "versions from R3.72.00 to R3.79.00"
      }
    ]
  }
]

References

web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf