CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-30997
https://notcve.org/view.php?id=CVE-2022-30997
28 Jun 2022 — Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware. Se presenta una vulnerabilidad en el uso de credenciales embebidas en el controlador STARDOM FCN y en el controlador FCJ versiones R4.10 a R4.31, que puede permitir a un atacante con un privilegio administrativo leer/cambiar los ajustes de configuració... • https://jvn.jp/vu/JVNVU95452299/index.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-30707
https://notcve.org/view.php?id=CVE-2022-30707
28 Jun 2022 — Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.... • https://jvn.jp/vu/JVNVU92819891/index.html •
CVSS: 7.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-29519
https://notcve.org/view.php?id=CVE-2022-29519
28 Jun 2022 — Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware. Se presenta una vulnerabilidad de transmisión de texto sin cifrar de información confidencial en STARDOM FCN Controller y FCJ Controller versiones R1.01 a R4.31, que puede permitir a un atacante adyacente iniciar sesión en los productos afect... • https://jvn.jp/vu/JVNVU95452299/index.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27188
https://notcve.org/view.php?id=CVE-2022-27188
15 Apr 2022 — OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en CENTUM VP versiones R4.01.00 a R4.03.00, CENTUM VP Small v... • https://jvn.jp/vu/JVNVU99204686/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-26034
https://notcve.org/view.php?id=CVE-2022-26034
15 Apr 2022 — Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server. Una vulnerabilidad de autenticación inapropiada en el protocolo de comunicación proporcionado por el servidor AD (Automation... • https://jvn.jp/vu/JVNVU99204686/index.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-16232 – Yokogawa WideField3 Buffer Copy Without Checking Size of Input
https://notcve.org/view.php?id=CVE-2020-16232
18 Mar 2022 — In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file. En Yokogawa WideField3 R1.01 - R4.03, podría causarse un desbordamiento del búfer cuando un usuario carga un archivo de proyecto diseñado de forma maliciosa • https://www.cisa.gov/uscert/ics/advisories/icsa-20-273-02 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-23402
https://notcve.org/view.php?id=CVE-2022-23402
11 Mar 2022 — The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 Los siguientes productos de Yokogawa Electric codifican la contraseña de las aplicaciones del servidor CAMS: CENTUM VP versiones desde R5.01.00 hasta R5.04.20 y versiones desde R6.01.00 hasta R6.08.00, Exaopc versiones desde R3.72.00 hasta R3.79.00 • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-23401
https://notcve.org/view.php?id=CVE-2022-23401
11 Mar 2022 — The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. Los siguientes productos de Yokogawa Electric contienen problemas de carga de DLL no segura. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, y desde R6.01.00 ... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22729
https://notcve.org/view.php?id=CVE-2022-22729
11 Mar 2022 — CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Server contenido en los siguientes productos de Yokogawa Electric no autentican apropiadamente los paquetes de rece... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22151
https://notcve.org/view.php?id=CVE-2022-22151
11 Mar 2022 — CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Log Server contenido en los siguientes productos de Yokogawa Electric no neutraliza apropiadamente las salidas de registro: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, C... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •