CVE-2022-21808

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Published: Mar 11, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-21808
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
yokogawa / centum_cs_3000_firmware	r3.08.10	r3.09.00.x
yokogawa / centum_cs_3000_entry_firmware	r3.08.10	r3.09.00.x
yokogawa / centum_vp_firmware	r4.01.00	r4.03.00.x
yokogawa / centum_vp_firmware	r5.01.00	r5.04.20.x
yokogawa / centum_vp_firmware	r6.01.00	r6.09.00
yokogawa / centum_vp_entry_firmware	r4.01.00	r4.03.00.x
yokogawa / centum_vp_entry_firmware	r5.01.00	r5.04.20.x
yokogawa / centum_vp_entry_firmware	r6.01.00	r6.09.00
yokogawa / exaopc	r3.72.00	r3.80.00

https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

Vulnerability Database

289,871

CVE-2022-21808