CVE-2022-22151

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.

Published: Mar 11, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-22151
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.9
AV:N/AC:M/Au:S/C:N/I:P/A:P

CWEs:

CWE-116

Affected Software
References

Software	From	Fixed in
yokogawa / centum_cs_3000_firmware	r3.08.10	r3.09.00.x
yokogawa / centum_cs_3000_entry_firmware	r3.08.10	r3.09.00.x
yokogawa / centum_vp_firmware	r4.01.00	r4.03.00.x
yokogawa / centum_vp_firmware	r5.01.00	r5.04.20.x
yokogawa / centum_vp_firmware	r6.01.00	r6.09.00
yokogawa / centum_vp_entry_firmware	r4.01.00	r4.03.00.x
yokogawa / centum_vp_entry_firmware	r5.01.00	r5.04.20.x
yokogawa / centum_vp_entry_firmware	r6.01.00	r6.09.00
yokogawa / exaopc	r3.72.00	r3.80.00

https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

Vulnerability Database

289,697

CVE-2022-22151