CVE-2022-21177

EPSS 0.46%
Veröffentlicht 11.03.2022 09:15:11
Zuletzt bearbeitet 21.11.2024 06:44:02
Quelle vultures@jpcert.or.jp
Teams Watchlist Login
Unerledigt Login

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yokogawa ≫ Centum Cs 3000 Firmware Version >= r3.08.10 <= r3.09.00

Yokogawa ≫ Centum Cs 3000 Version-

Yokogawa ≫ Centum Cs 3000 Entry Firmware Version >= r3.08.10 <= r3.09.00

Yokogawa ≫ Centum Cs 3000 Entry Version-

Yokogawa ≫ Centum Vp Firmware Version >= r4.01.00 <= r4.03.00

Yokogawa ≫ Centum Vp Version-

Yokogawa ≫ Centum Vp Firmware Version >= r5.01.00 <= r5.04.20

Yokogawa ≫ Centum Vp Version-

Yokogawa ≫ Centum Vp Firmware Version >= r6.01.00 < r6.09.00

Yokogawa ≫ Centum Vp Version-

Yokogawa ≫ Centum Vp Entry Firmware Version >= r4.01.00 <= r4.03.00

Yokogawa ≫ Centum Vp Entry Version-

Yokogawa ≫ Centum Vp Entry Firmware Version >= r5.01.00 <= r5.04.20

Yokogawa ≫ Centum Vp Entry Version-

Yokogawa ≫ Centum Vp Entry Firmware Version >= r6.01.00 < r6.09.00

Yokogawa ≫ Centum Vp Entry Version-

Yokogawa ≫ Exaopc Version >= r3.72.00 < r3.80.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.46%	0.616

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:N/I:P/A:P

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-21177

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-21177

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-21177

EUVD