123 matches found
CVE-2022-30707
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00, CENTUM series where CAMS function is used CENTUM VP, CENTUM VP Small, and...
CVE-2022-30707
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00, CENTUM series where CAMS function is used CENTUM VP, CENTUM VP Small, and...
CVE-2022-30707
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00, CENTUM series where CAMS function is used CENTUM VP, CENTUM VP Small, and...
Information disclosure
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00, CENTUM series where CAMS function is used CENTUM VP, CENTUM VP Small, and...
CVE-2022-30707
CVE-2022-30707 affects Yokogawa CAMS for HIS across CENTUM CS 3000 (LHS4800), CENTUM VP/VP Basic (R4.01.00–R6.09.00), Exaopc (R3.72.00–R3.80.00 with NTPF100-S6), B/M9000 CS (R5.04.01–R5.05.01) and B/M9000 VP (R6.01.01–R8.03.01). Root cause: violation of secure design principles in CAMS for HIS co...
Yokogawa Exaopc 安全漏洞
The Yokogawa Exaopc is an OPC data access server from Yokogawa Electric Yokogawa, Japan. A security vulnerability exists in the Yokogawa CENTUM CS 3000 that stems from a violation of security design principles...
The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows a perpetrator to execute arbitrary commands.
The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, is related to authentication process flaws. Exploiting this vulnerability could allow attackers...
The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows a perpetrator to increase their privileges.
The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, stems from the use of rigidly encoded user credentials. Exploiting this vulnerability could all...
Yokogawa CENTUM and Exaopc Use of Hard-Coded Credentials (CVE-2022-21194)
The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. This plugin only works with...
Yokogawa CENTUM and Exaopc Use of Hard-Coded Credentials (CVE-2022-23402)
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 This plugin only works with Tenable.ot. Please visit...
Yokogawa CENTUM and Exaopc
1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Yokogawa Equipment: CENTUM and Exaopc Vulnerabilities: Use of Hard-coded Credentials, Relative Path Traversal, Improper Output Neutralization for Logs, OS Command Injection, Permissions, Privileges...
Yokogawa CENTUM and Exaopc Permissions, Privileges, and Access Controls (CVE-2022-22141)
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 t...
Yokogawa CENTUM and Exaopc Uncontrolled Search Path Element (CVE-2022-23401)
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. This plugin only work...
Yokogawa CENTUM and Exaopc Relative Path Traversal (CVE-2022-22729)
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to...
Yokogawa CENTUM and Exaopc Relative Path Traversal (CVE-2022-21808)
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.0...
Yokogawa CENTUM and Exaopc Improper Output Neutralization For Logs (CVE-2022-21177)
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from...
Yokogawa CENTUM and Exaopc Improper Neutralization of Special Elements Used in an OS Command (CVE-2022-22148)
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc...
CVE-2022-22141
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 t...
CVE-2022-23402
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00...
CVE-2022-22151
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions fr...