CVE-2022-30707

🗓️ 28 Jun 2022 10:05:59Reported by jpcertType

Violation of secure design principles in CAMS for HI

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2022-30707	28 Jun 202213:15	–	attackerkb
BDU FSTEC	The vulnerabilities of distributed control systems such as CENTUM CS 3000, CENTUM VP, B/M9000 VP, B/M9000CS, and the OPC-server Exaopc are related to violations of secure design principles. These vulnerabilities allow attackers to access protected information or cause service failures.	17 Aug 202200:00	–	bdu_fstec
Circl	CVE-2022-30707	29 Jun 202204:42	–	circl
CNNVD	Yokogawa Exaopc 安全漏洞	23 Jun 202200:00	–	cnnvd
CVE	CVE-2022-30707	28 Jun 202210:05	–	cve
EUVD	EUVD-2022-52537	3 Oct 202520:07	–	euvd
ICS	Yokogawa CAMS for HIS	23 Jun 202200:00	–	ics
NVD	CVE-2022-30707	28 Jun 202213:15	–	nvd
OSV	CVE-2022-30707	28 Jun 202213:15	–	osv
Prion	Information disclosure	28 Jun 202213:15	–	prion

[
  {
    "product": "CAMS for HIS",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
      }
    ]
  }
]

Source	Link
jvn	www.jvn.jp/vu/JVNVU92819891/index.html
cisa	www.cisa.gov/uscert/ics/advisories/icsa-22-174-02
web-material3	www.web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf
web-material3	www.web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf

28 Jun 2022 10:05Current

8.8High risk

Vulners AI Score8.8

EPSS0.00717