CVE-2022-22145

CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Published: Mar 11, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-22145
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.9
AV:N/AC:M/Au:S/C:N/I:P/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
yokogawa / centum_cs_3000_firmware	r3.08.10	r3.09.00.x
yokogawa / centum_cs_3000_entry_firmware	r3.08.10	r3.09.00.x
yokogawa / centum_vp_firmware	r4.01.00	r4.03.00.x
yokogawa / centum_vp_firmware	r5.01.00	r5.04.20.x
yokogawa / centum_vp_firmware	r6.01.00	r6.09.00
yokogawa / centum_vp_entry_firmware	r4.01.00	r4.03.00.x
yokogawa / centum_vp_entry_firmware	r5.01.00	r5.04.20.x
yokogawa / centum_vp_entry_firmware	r6.01.00	r6.09.00
yokogawa / exaopc	r3.72.00	r3.80.00

https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

Vulnerability Database

289,784

CVE-2022-22145