CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22148
https://notcve.org/view.php?id=CVE-2022-22148
11 Mar 2022 — 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. El servicio "Root Service" implementado en los siguientes productos de Yokogawa Electric crea algunas tuberías con nombre con una configuración ACL incorrecta. CENTUM CS 3000 ver... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22145
https://notcve.org/view.php?id=CVE-2022-22145
11 Mar 2022 — CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Log Server contenido en los siguientes productos de Yokogawa Electric es vulnerable al consumo no controlado de recursos. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, C... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22141
https://notcve.org/view.php?id=CVE-2022-22141
11 Mar 2022 — 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. El servicio "Long-term Data Archive Package" implementado en los siguientes productos de Yokogawa Electric crea algunas tuberías con nombre con una configuració... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-21808
https://notcve.org/view.php?id=CVE-2022-21808
11 Mar 2022 — Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. Se presenta una vulnerabilidad de salto de ruta en CAMS for HIS Server contenida en los siguientes productos de Yokogawa Electric: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP version... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-21194
https://notcve.org/view.php?id=CVE-2022-21194
11 Mar 2022 — The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. Los siguientes productos de Yokogawa Electric no cambian las contraseñas de las cuentas internas de Windows desde la configuración inicial: CENTUM VP versiones desde R5.01.00 a R5.04.20 y versiones desde R6.01.00 a R6.08.0, Exaopc versiones desde R3.7... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-21177
https://notcve.org/view.php?id=CVE-2022-21177
11 Mar 2022 — There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. Se presenta una vulnerabilidad de salto de ruta en CAMS para HIS Log Server contenida en los siguientes productos de Yokogawa Electric: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTU... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-5608
https://notcve.org/view.php?id=CVE-2020-5608
05 Aug 2020 — CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors. CAMS para HIS CENTUM CS 3000 (incluye CENTUM CS 3000 Small) versiones R3.08.10 hasta R3.09.50, CENTUM VP (incluye CENTUM VP Small, Basic) versiones R4.01.00 hasta R6.... • https://jvn.jp/vu/JVNVU97997181/index.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2020-5609
https://notcve.org/view.php?id=CVE-2020-5609
05 Aug 2020 — Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. Una vulnerabilidad salto de directorio en CAMS para HIS CENTUM CS 3000 (incluye CENTUM CS 3000 Small) versiones R3.08.10 hasta ... • https://jvn.jp/vu/JVNVU97997181/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 3%CPEs: 32EXPL: 0CVE-2015-5626
https://notcve.org/view.php?id=CVE-2015-5626
05 Feb 2020 — Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Serve... • http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 38%CPEs: 32EXPL: 0CVE-2015-5628
https://notcve.org/view.php?id=CVE-2015-5628
05 Feb 2020 — Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Serve... • http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf • CWE-787: Out-of-bounds Write •