7.8
CVE-2022-22148
- EPSS 0.04%
- Veröffentlicht 11.03.2022 09:15:11
- Zuletzt bearbeitet 21.11.2024 06:46:15
- Quelle vultures@jpcert.or.jp
- Teams Watchlist Login
- Unerledigt Login
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Yokogawa ≫ Centum Cs 3000 Firmware Version >= r3.08.10 <= r3.09.00
Yokogawa ≫ Centum Cs 3000 Entry Firmware Version >= r3.08.10 <= r3.09.00
Yokogawa ≫ Centum Vp Firmware Version >= r4.01.00 <= r4.03.00
Yokogawa ≫ Centum Vp Firmware Version >= r5.01.00 <= r5.04.20
Yokogawa ≫ Centum Vp Firmware Version >= r6.01.00 < r6.09.00
Yokogawa ≫ Centum Vp Entry Firmware Version >= r4.01.00 <= r4.03.00
Yokogawa ≫ Centum Vp Entry Firmware Version >= r5.01.00 <= r5.04.20
Yokogawa ≫ Centum Vp Entry Firmware Version >= r6.01.00 < r6.09.00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.083 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.