CVE-2022-23402

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
yokogawacentum_vp_firmware
r5.01.00 ≤
𝑥
≤ r5.04.20
yokogawacentum_vp_firmware
r6.01.00 ≤
𝑥
< r6.09.00
yokogawacentum_vp_entry_firmware
r5.01.00 ≤
𝑥
≤ r5.04.20
yokogawacentum_vp_entry_firmware
r6.01.00 ≤
𝑥
< r6.09.00
yokogawaexaopc
r3.72.00 ≤
𝑥
< r3.80.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf
https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf