Lucene search

[email protected]NVD:CVE-2022-21808

HistoryMar 11, 2022 - 9:15 a.m.

CVE-2022-21808

2022-03-1109:15:11

CWE-23

CWE-22

[email protected]

web.nvd.nist.gov

cve-2022-21808

cams

his server

yokogawa electric

centum cs 3000

centum vp

exaopc

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

48.4%

JSON

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Affected configurations

Nvd

Node

yokogawacentum_cs_3000_firmwareRanger3.08.10–r3.09.00

AND

yokogawacentum_cs_3000Match-

Node

yokogawacentum_cs_3000_entry_firmwareRanger3.08.10–r3.09.00

AND

yokogawacentum_cs_3000_entryMatch-

Node

yokogawacentum_vp_firmwareRanger4.01.00–r4.03.00

yokogawacentum_vp_firmwareRanger5.01.00–r5.04.20

yokogawacentum_vp_firmwareRanger6.01.00–r6.09.00

AND

yokogawacentum_vpMatch-

Node

yokogawacentum_vp_entry_firmwareRanger4.01.00–r4.03.00

yokogawacentum_vp_entry_firmwareRanger5.01.00–r5.04.20

yokogawacentum_vp_entry_firmwareRanger6.01.00–r6.09.00

AND

yokogawacentum_vp_entryMatch-

Node

yokogawaexaopcRanger3.72.00–r3.80.00

VendorProductVersionCPE
yokogawacentum_cs_3000_firmware*cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*
yokogawacentum_cs_3000-cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*
yokogawacentum_cs_3000_entry_firmware*cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*
yokogawacentum_cs_3000_entry-cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*
yokogawacentum_vp_firmware*cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*
yokogawacentum_vp-cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*
yokogawacentum_vp_entry_firmware*cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*
yokogawacentum_vp_entry-cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*
yokogawaexaopc*cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yokogawa	centum_cs_3000_firmware	*	cpe:2.3:o:yokogawa:centum_cs_3000_firmware::::::::
yokogawa	centum_cs_3000	-	cpe:2.3:h:yokogawa:centum_cs_3000:-:::::::*
yokogawa	centum_cs_3000_entry_firmware	*	cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware::::::::
yokogawa	centum_cs_3000_entry	-	cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:::::::*
yokogawa	centum_vp_firmware	*	cpe:2.3:o:yokogawa:centum_vp_firmware::::::::
yokogawa	centum_vp	-	cpe:2.3:h:yokogawa:centum_vp:-:::::::*
yokogawa	centum_vp_entry_firmware	*	cpe:2.3:o:yokogawa:centum_vp_entry_firmware::::::::
yokogawa	centum_vp_entry	-	cpe:2.3:h:yokogawa:centum_vp_entry:-:::::::*
yokogawa	exaopc	*	cpe:2.3:a:yokogawa:exaopc::::::::

References

web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

48.4%

JSON

Related for NVD:CVE-2022-21808

cvelist1 prion1 cve1 nessus1 ics1