7.8
CVE-2022-22141
- EPSS 0.05%
- Veröffentlicht 11.03.2022 09:15:11
- Zuletzt bearbeitet 21.11.2024 06:46:14
- Quelle vultures@jpcert.or.jp
- Teams Watchlist Login
- Unerledigt Login
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Yokogawa ≫ Centum Cs 3000 Firmware Version >= r3.08.10 <= r3.09.00
Yokogawa ≫ Centum Cs 3000 Entry Firmware Version >= r3.08.10 <= r3.09.00
Yokogawa ≫ Centum Vp Firmware Version >= r4.01.00 <= r4.03.00
Yokogawa ≫ Centum Vp Firmware Version >= r5.01.00 <= r5.04.20
Yokogawa ≫ Centum Vp Firmware Version >= r6.01.00 < r6.09.00
Yokogawa ≫ Centum Vp Entry Firmware Version >= r4.01.00 <= r4.03.00
Yokogawa ≫ Centum Vp Entry Firmware Version >= r5.01.00 <= r5.04.20
Yokogawa ≫ Centum Vp Entry Firmware Version >= r6.01.00 < r6.09.00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.124 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.