Lucene search

JpcertCVE-2022-22145

HistoryMar 11, 2022 - 9:15 a.m.

CVE-2022-22145

2022-03-1109:15:11

CWE-400

jpcert

web.nvd.nist.gov

cve-2022-22145

cams

his log server

yokogawa electric

uncontrolled resource consumption

nvd

centum cs 3000

centum vp

exaopc

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Affected configurations

Nvd

Vulners

Node

yokogawacentum_cs_3000_firmwareRanger3.08.10–r3.09.00

AND

yokogawacentum_cs_3000Match-

Node

yokogawacentum_cs_3000_entry_firmwareRanger3.08.10–r3.09.00

AND

yokogawacentum_cs_3000_entryMatch-

Node

yokogawacentum_vp_firmwareRanger4.01.00–r4.03.00

yokogawacentum_vp_firmwareRanger5.01.00–r5.04.20

yokogawacentum_vp_firmwareRanger6.01.00–r6.09.00

AND

yokogawacentum_vpMatch-

Node

yokogawacentum_vp_entry_firmwareRanger4.01.00–r4.03.00

yokogawacentum_vp_entry_firmwareRanger5.01.00–r5.04.20

yokogawacentum_vp_entry_firmwareRanger6.01.00–r6.09.00

AND

yokogawacentum_vp_entryMatch-

Node

yokogawaexaopcRanger3.72.00–r3.80.00

VendorProductVersionCPE
yokogawacentum_cs_3000_firmware*cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*
yokogawacentum_cs_3000-cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*
yokogawacentum_cs_3000_entry_firmware*cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*
yokogawacentum_cs_3000_entry-cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*
yokogawacentum_vp_firmware*cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*
yokogawacentum_vp-cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*
yokogawacentum_vp_entry_firmware*cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*
yokogawacentum_vp_entry-cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*
yokogawaexaopc*cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yokogawa	centum_cs_3000_firmware	*	cpe:2.3:o:yokogawa:centum_cs_3000_firmware::::::::
yokogawa	centum_cs_3000	-	cpe:2.3:h:yokogawa:centum_cs_3000:-:::::::*
yokogawa	centum_cs_3000_entry_firmware	*	cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware::::::::
yokogawa	centum_cs_3000_entry	-	cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:::::::*
yokogawa	centum_vp_firmware	*	cpe:2.3:o:yokogawa:centum_vp_firmware::::::::
yokogawa	centum_vp	-	cpe:2.3:h:yokogawa:centum_vp:-:::::::*
yokogawa	centum_vp_entry_firmware	*	cpe:2.3:o:yokogawa:centum_vp_entry_firmware::::::::
yokogawa	centum_vp_entry	-	cpe:2.3:h:yokogawa:centum_vp_entry:-:::::::*
yokogawa	exaopc	*	cpe:2.3:a:yokogawa:exaopc::::::::

CNA Affected

[
  {
    "product": "CENTUM CS 3000",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "versions from R3.08.10 to R3.09.00"
      }
    ]
  },
  {
    "product": "CENTUM VP",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "versions from R4.01.00 to R4.03.00"
      },
      {
        "status": "affected",
        "version": "versions from R5.01.00 to R5.04.20"
      },
      {
        "status": "affected",
        "version": "versions from R6.01.00 to R6.08.00"
      }
    ]
  },
  {
    "product": "Exaopc",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "versions from R3.72.00 to R3.79.00"
      }
    ]
  }
]

References

web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

Related for CVE-2022-22145