CVE-2022-21194

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
yokogawacentum_vp_firmware
r5.01.00 ≤
𝑥
≤ r5.04.20
yokogawacentum_vp_firmware
r6.01.00 ≤
𝑥
< r6.09.00
yokogawacentum_vp_entry_firmware
r4.01.00 ≤
𝑥
≤ r4.03.00
yokogawacentum_vp_entry_firmware
r5.01.00 ≤
𝑥
≤ r5.04.20
yokogawacentum_vp_entry_firmware
r6.01.00 ≤
𝑥
< r6.09.00
yokogawaexaopc
r3.72.00 ≤
𝑥
< r3.80.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf
https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf