CVE-2022-23402

Published: Mar 11, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00

Affected (5)

Products: Yokogawa: Centum Vp Firmware, Centum Vp Entry Firmware, Exaopc

Yokogawa

3 products

Centum Vp Firmware

Centum Vp Entry Firmware

Exaopc

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yokogawa Centum Vp Firmware	From r5.01.00 to r5.04.20
Yokogawa Centum Vp Firmware	From r6.01.00 to r6.09.00

Running on/with	Platform Versions
Yokogawa Centum Vp	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Yokogawa Centum Vp Entry Firmware	From r5.01.00 to r5.04.20
Yokogawa Centum Vp Entry Firmware	From r6.01.00 to r6.09.00

Running on/with	Platform Versions
Yokogawa Centum Vp Entry	All versions

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Yokogawa Exaopc	From r3.72.00 to r3.80.00

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

Source: vultures@jpcert.or.jp

Vendor Advisory

https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.