Lucene search
K

123 matches found

ATTACKERKB
ATTACKERKB
added 2022/06/28 1:15 p.m.1 views

CVE-2022-30707

Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00, CENTUM series where CAMS function is used CENTUM VP, CENTUM VP Small, and...

8.8CVSS5.8AI score0.00579EPSS
Exploits0References5
NVD
NVD
added 2022/06/28 1:15 p.m.36 views

CVE-2022-30707

Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00, CENTUM series where CAMS function is used CENTUM VP, CENTUM VP Small, and...

8.8CVSS0.00579EPSS
Exploits0References4
OSV
OSV
added 2022/06/28 1:15 p.m.5 views

CVE-2022-30707

Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00, CENTUM series where CAMS function is used CENTUM VP, CENTUM VP Small, and...

8.8CVSS5.8AI score0.00579EPSS
Exploits0References4
Prion
Prion
added 2022/06/28 1:15 p.m.22 views

Information disclosure

Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00, CENTUM series where CAMS function is used CENTUM VP, CENTUM VP Small, and...

5.4CVSS8.5AI score0.00579EPSS
Exploits0References4Affected Software7
CVE
CVE
added 2022/06/28 10:5 a.m.77 views

CVE-2022-30707

CVE-2022-30707 affects Yokogawa CAMS for HIS across CENTUM CS 3000 (LHS4800), CENTUM VP/VP Basic (R4.01.00–R6.09.00), Exaopc (R3.72.00–R3.80.00 with NTPF100-S6), B/M9000 CS (R5.04.01–R5.05.01) and B/M9000 VP (R6.01.01–R8.03.01). Root cause: violation of secure design principles in CAMS for HIS co...

8.8CVSS8.5AI score0.00579EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.3 views

Yokogawa Exaopc 安全漏洞

The Yokogawa Exaopc is an OPC data access server from Yokogawa Electric Yokogawa, Japan. A security vulnerability exists in the Yokogawa CENTUM CS 3000 that stems from a violation of security design principles...

8.8CVSS7.9AI score0.00579EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2022/04/07 12:0 a.m.9 views

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows a perpetrator to execute arbitrary commands.

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, is related to authentication process flaws. Exploiting this vulnerability could allow attackers...

7.1CVSS7.9AI score0.0093EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/04/07 12:0 a.m.7 views

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows a perpetrator to increase their privileges.

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, stems from the use of rigidly encoded user credentials. Exploiting this vulnerability could all...

7.1CVSS7.7AI score0.00953EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/04/04 12:0 a.m.55 views

Yokogawa CENTUM and Exaopc Use of Hard-Coded Credentials (CVE-2022-21194)

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. This plugin only works with...

9.8CVSS8.3AI score0.00953EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/03/30 12:0 a.m.44 views

Yokogawa CENTUM and Exaopc Use of Hard-Coded Credentials (CVE-2022-23402)

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 This plugin only works with Tenable.ot. Please visit...

9.8CVSS7.2AI score0.00981EPSS
Exploits0References3
ICS
ICS
added 2022/03/24 12:0 a.m.234 views

Yokogawa CENTUM and Exaopc

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: CENTUM and Exaopc Vulnerabilities: Use of Hard-coded Credentials, Relative Path Traversal, Improper Output Neutralization for Logs, OS Command Injection, Permissions, Privileges...

9.8CVSS9.1AI score0.01042EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/03/18 12:0 a.m.48 views

Yokogawa CENTUM and Exaopc Permissions, Privileges, and Access Controls (CVE-2022-22141)

'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 t...

7.8CVSS6.8AI score0.00202EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/03/18 12:0 a.m.66 views

Yokogawa CENTUM and Exaopc Uncontrolled Search Path Element (CVE-2022-23401)

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. This plugin only work...

7.8CVSS7.4AI score0.00216EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/03/18 12:0 a.m.45 views

Yokogawa CENTUM and Exaopc Relative Path Traversal (CVE-2022-22729)

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to...

8.8CVSS7.8AI score0.0093EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/03/18 12:0 a.m.59 views

Yokogawa CENTUM and Exaopc Relative Path Traversal (CVE-2022-21808)

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.0...

8.8CVSS7.8AI score0.01042EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/03/18 12:0 a.m.73 views

Yokogawa CENTUM and Exaopc Improper Output Neutralization For Logs (CVE-2022-21177)

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from...

8.1CVSS7.6AI score0.00922EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/03/18 12:0 a.m.60 views

Yokogawa CENTUM and Exaopc Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-22148)

'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc...

7.8CVSS7.3AI score0.00215EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/11 9:15 a.m.8 views

CVE-2022-22141

'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 t...

7.8CVSS7.1AI score0.00202EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/11 9:15 a.m.6 views

CVE-2022-23402

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...

9.8CVSS7.2AI score0.00981EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/11 9:15 a.m.7 views

CVE-2022-22151

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions fr...

8.1CVSS7.2AI score0.00792EPSS
Exploits0References2
Rows per page
Query Builder