'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
Link | Resource |
---|---|
https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
|
History
18 Mar 2022, 15:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:* cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:* cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:* cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:* cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:* |
|
CWE | CWE-732 | |
First Time |
Yokogawa centum Vp Firmware
Yokogawa exaopc Yokogawa centum Cs 3000 Entry Yokogawa centum Vp Entry Yokogawa Yokogawa centum Vp Yokogawa centum Vp Entry Firmware Yokogawa centum Cs 3000 Entry Firmware Yokogawa centum Cs 3000 Firmware Yokogawa centum Cs 3000 |
|
References | (CONFIRM) https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.9
v3 : 7.8 |
11 Mar 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-11 09:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-22148
Mitre link : CVE-2022-22148
CVE.ORG link : CVE-2022-22148
JSON object : View
Products Affected
yokogawa
- centum_vp_firmware
- centum_vp
- centum_vp_entry
- centum_cs_3000
- exaopc
- centum_cs_3000_entry_firmware
- centum_cs_3000_entry
- centum_cs_3000_firmware
- centum_vp_entry_firmware
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource