← Back

CVE-2022-21808

nvd nist
Published: Mar 11, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Affected (9)

Yokogawa
5 products
Centum Cs 3000 Firmware
Centum Cs 3000 Entry Firmware
Centum Vp Firmware
Centum Vp Entry Firmware
Exaopc
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Centum Cs 3000 Firmware
From r3.08.10 to r3.09.00
Running on/withPlatform Versions
Yokogawa
Centum Cs 3000
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Centum Cs 3000 Entry Firmware
From r3.08.10 to r3.09.00
Running on/withPlatform Versions
Yokogawa
Centum Cs 3000 Entry
All versions
Configuration C
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Yokogawa
Centum Vp Firmware
From r4.01.00 to r4.03.00
Centum Vp Firmware
From r5.01.00 to r5.04.20
Centum Vp Firmware
From r6.01.00 to r6.09.00
Running on/withPlatform Versions
Yokogawa
Centum Vp
All versions
Configuration D
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Yokogawa
Centum Vp Entry Firmware
From r4.01.00 to r4.03.00
Centum Vp Entry Firmware
From r5.01.00 to r5.04.20
Centum Vp Entry Firmware
From r6.01.00 to r6.09.00
Running on/withPlatform Versions
Yokogawa
Centum Vp Entry
All versions
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Exaopc
From r3.72.00 to r3.80.00

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-23
Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

References (2)

Source: vultures@jpcert.or.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.