CVE-2022-22148

Published: Mar 11, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Affected (9)

Products: Yokogawa: Centum Cs 3000 Firmware, Centum Cs 3000 Entry Firmware, Centum Vp Firmware, Centum Vp Entry Firmware, Exaopc

Yokogawa

5 products

Centum Cs 3000 Firmware

Centum Cs 3000 Entry Firmware

Centum Vp Firmware

Centum Vp Entry Firmware

Exaopc

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yokogawa Centum Cs 3000 Firmware	From r3.08.10 to r3.09.00

Running on/with	Platform Versions
Yokogawa Centum Cs 3000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yokogawa Centum Cs 3000 Entry Firmware	From r3.08.10 to r3.09.00

Running on/with	Platform Versions
Yokogawa Centum Cs 3000 Entry	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yokogawa Centum Vp Firmware	From r4.01.00 to r4.03.00
Yokogawa Centum Vp Firmware	From r5.01.00 to r5.04.20
Yokogawa Centum Vp Firmware	From r6.01.00 to r6.09.00

Running on/with	Platform Versions
Yokogawa Centum Vp	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yokogawa Centum Vp Entry Firmware	From r4.01.00 to r4.03.00
Yokogawa Centum Vp Entry Firmware	From r5.01.00 to r5.04.20
Yokogawa Centum Vp Entry Firmware	From r6.01.00 to r6.09.00