CVE-2022-22151
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Exploitability: 2.8 / Impact: 5.2
Source: NVD
Description
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
Affected (9)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| From r3.08.10 to r3.09.00 |
| Running on/with | Platform Versions |
|---|---|
Yokogawa Centum Cs 3000 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| From r3.08.10 to r3.09.00 |
| Running on/with | Platform Versions |
|---|---|
Yokogawa Centum Cs 3000 Entry | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| From r4.01.00 to r4.03.00 |
| Running on/with | Platform Versions |
|---|---|
Yokogawa Centum Vp | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| From r4.01.00 to r4.03.00 |
| Running on/with | Platform Versions |
|---|---|
Yokogawa Centum Vp Entry | All versions |
Related CWEs
CWE-116
Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
CWE-117
Improper Output Neutralization for Logs
The product does not neutralize or incorrectly neutralizes output that is written to logs.
References (2)
Source: vultures@jpcert.or.jp
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Timeline
No history available yet.