CVE-2022-33939

EUVD-2022-36975
CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
yokogawacentum_cs_3000_cp401_firmware
-
yokogawacentum_cs_3000_cp451_firmware
-
yokogawacentum_cs_3000_cp33_firmware
-
yokogawacentum_cs_3000_cp345_firmware
-
yokogawacentum_cs_3000_cp31_firmware
-
yokogawacentum_vp_3000_cp401_firmware
r4.01.00 ≤
𝑥
≤ r4.03.00
yokogawacentum_vp_3000_cp401_firmware
r5.01.00 ≤
𝑥
< r5.04.78
yokogawacentum_vp_3000_cp401_firmware
r6.01.00 ≤
𝑥
< r6.03.10
yokogawacentum_vp_3000_cp451_firmware
r4.01.00 ≤
𝑥
≤ r4.03.00
yokogawacentum_vp_3000_cp451_firmware
r5.01.00 ≤
𝑥
< r5.04.78
yokogawacentum_vp_3000_cp451_firmware
r6.01.00 ≤
𝑥
< r6.03.10
𝑥
= Vulnerable software versions
References
https://jvn.jp/vu/JVNVU94343729/index.html
https://web-material3.yokogawa.com/1/33029/files/YSAR-22-0008-E.pdf
https://web-material3.yokogawa.com/19/33029/files/YSAR-22-0008-J.pdf
https://jvn.jp/vu/JVNVU94343729/index.html
https://web-material3.yokogawa.com/1/33029/files/YSAR-22-0008-E.pdf
https://web-material3.yokogawa.com/19/33029/files/YSAR-22-0008-J.pdf