7.8

CVE-2022-23401

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Data is provided by the National Vulnerability Database (NVD)
YokogawaCentum Cs 3000 Firmware Version >= r3.08.10 <= r3.09.00
   YokogawaCentum Cs 3000 Version-
YokogawaCentum Cs 3000 Entry Firmware Version >= r3.08.10 <= r3.09.00
   YokogawaCentum Cs 3000 Entry Version-
YokogawaCentum Vp Firmware Version >= r4.01.00 <= r4.03.00
   YokogawaCentum Vp Version-
YokogawaCentum Vp Firmware Version >= r5.01.00 <= r5.04.20
   YokogawaCentum Vp Version-
YokogawaCentum Vp Firmware Version >= r6.01.00 < r6.09.00
   YokogawaCentum Vp Version-
YokogawaCentum Vp Entry Firmware Version >= r4.01.00 <= r4.03.00
   YokogawaCentum Vp Entry Version-
YokogawaCentum Vp Entry Firmware Version >= r5.01.00 <= r5.04.20
   YokogawaCentum Vp Entry Version-
YokogawaCentum Vp Entry Firmware Version >= r6.01.00 < r6.09.00
   YokogawaCentum Vp Entry Version-
YokogawaExaopc Version >= r3.72.00 < r3.80.00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.161
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 3.7 1.9 6.4
AV:L/AC:H/Au:N/C:P/I:P/A:P
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.