CVE-2022-22729

CAMS for HIS Server, contained in the following Yokogawa Electric products, improperly authenticates received packets, and the authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
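
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.8 HIGH | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| jpcert | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |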

EPSS Score Percentile: 35%

| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000_firmware | r3.08.10 ≤ 𝑥 ≤ r3.09.00 |
| yokogawa | centum_cs_3000_entry_firmware | r3.08.10 ≤ 𝑥 ≤ r3.09.00 |
| yokogawa | centum_vp_firmware | r4.01.00 ≤ 𝑥 ≤ r4.03.00 |
| yokogawa | centum_vp_firmware | r5.01.00 ≤ 𝑥 ≤ r5.04.20 |
| yokogawa | centum_vp_firmware | r6.01.00 ≤ 𝑥 < r6.09.00 |
| yokogawa | centum_vp_entry_firmware | r4.01.00 ≤ 𝑥 ≤ r4.03.00 |
| yokogawa | centum_vp_entry_firmware | r5.01.00 ≤ 𝑥 ≤ r5.04.20 |
| yokogawa | centum_vp_entry_firmware | r6.01.00 ≤ 𝑥 < r6.09.00 |
| yokogawa | exaopc | r3.72.00 ≤ 𝑥 < r3.80.00 |

𝑥 = Vulnerable software versions