8.8
CVE-2022-22729
- EPSS 0.14%
- Veröffentlicht 11.03.2022 09:15:11
- Zuletzt bearbeitet 21.11.2024 06:47:20
- Quelle vultures@jpcert.or.jp
- Teams Watchlist Login
- Unerledigt Login
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Yokogawa ≫ Centum Cs 3000 Firmware Version >= r3.08.10 <= r3.09.00
Yokogawa ≫ Centum Cs 3000 Entry Firmware Version >= r3.08.10 <= r3.09.00
Yokogawa ≫ Centum Vp Firmware Version >= r4.01.00 <= r4.03.00
Yokogawa ≫ Centum Vp Firmware Version >= r5.01.00 <= r5.04.20
Yokogawa ≫ Centum Vp Firmware Version >= r6.01.00 < r6.09.00
Yokogawa ≫ Centum Vp Entry Firmware Version >= r4.01.00 <= r4.03.00
Yokogawa ≫ Centum Vp Entry Firmware Version >= r5.01.00 <= r5.04.20
Yokogawa ≫ Centum Vp Entry Firmware Version >= r6.01.00 < r6.09.00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.312 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-302 Authentication Bypass by Assumed-Immutable Data
The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker.