CVE-2022-22141
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Affected (9)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From r3.08.10 to r3.09.00 |
| Running on/with | Platform Versions |
|---|---|
Yokogawa Centum Cs 3000 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From r3.08.10 to r3.09.00 |
| Running on/with | Platform Versions |
|---|---|
Yokogawa Centum Cs 3000 Entry | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| From r4.01.00 to r4.03.00 |
| Running on/with | Platform Versions |
|---|---|
Yokogawa Centum Vp | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| From r4.01.00 to r4.03.00 |
| Running on/with | Platform Versions |
|---|---|
Yokogawa Centum Vp Entry | All versions |
Related CWEs
CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References (2)
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.