8.1
CVE-2022-22151
- EPSS 0.35%
- Veröffentlicht 11.03.2022 09:15:11
- Zuletzt bearbeitet 21.11.2024 06:46:15
- Quelle vultures@jpcert.or.jp
- Teams Watchlist Login
- Unerledigt Login
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Yokogawa ≫ Centum Cs 3000 Firmware Version >= r3.08.10 <= r3.09.00
Yokogawa ≫ Centum Cs 3000 Entry Firmware Version >= r3.08.10 <= r3.09.00
Yokogawa ≫ Centum Vp Firmware Version >= r4.01.00 <= r4.03.00
Yokogawa ≫ Centum Vp Firmware Version >= r5.01.00 <= r5.04.20
Yokogawa ≫ Centum Vp Firmware Version >= r6.01.00 < r6.09.00
Yokogawa ≫ Centum Vp Entry Firmware Version >= r4.01.00 <= r4.03.00
Yokogawa ≫ Centum Vp Entry Firmware Version >= r5.01.00 <= r5.04.20
Yokogawa ≫ Centum Vp Entry Firmware Version >= r6.01.00 < r6.09.00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.546 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
| nvd@nist.gov | 4.9 | 6.8 | 4.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:P
|
CWE-116 Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
CWE-117 Improper Output Neutralization for Logs
The product does not neutralize or incorrectly neutralizes output that is written to logs.