CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-30707
https://notcve.org/view.php?id=CVE-2022-30707
28 Jun 2022 — Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.... • https://jvn.jp/vu/JVNVU92819891/index.html •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-23401
https://notcve.org/view.php?id=CVE-2022-23401
11 Mar 2022 — The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. Los siguientes productos de Yokogawa Electric contienen problemas de carga de DLL no segura. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, y desde R6.01.00 ... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22729
https://notcve.org/view.php?id=CVE-2022-22729
11 Mar 2022 — CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Server contenido en los siguientes productos de Yokogawa Electric no autentican apropiadamente los paquetes de rece... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22151
https://notcve.org/view.php?id=CVE-2022-22151
11 Mar 2022 — CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Log Server contenido en los siguientes productos de Yokogawa Electric no neutraliza apropiadamente las salidas de registro: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, C... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22148
https://notcve.org/view.php?id=CVE-2022-22148
11 Mar 2022 — 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. El servicio "Root Service" implementado en los siguientes productos de Yokogawa Electric crea algunas tuberías con nombre con una configuración ACL incorrecta. CENTUM CS 3000 ver... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22145
https://notcve.org/view.php?id=CVE-2022-22145
11 Mar 2022 — CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Log Server contenido en los siguientes productos de Yokogawa Electric es vulnerable al consumo no controlado de recursos. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, C... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22141
https://notcve.org/view.php?id=CVE-2022-22141
11 Mar 2022 — 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. El servicio "Long-term Data Archive Package" implementado en los siguientes productos de Yokogawa Electric crea algunas tuberías con nombre con una configuració... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-21808
https://notcve.org/view.php?id=CVE-2022-21808
11 Mar 2022 — Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. Se presenta una vulnerabilidad de salto de ruta en CAMS for HIS Server contenida en los siguientes productos de Yokogawa Electric: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP version... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-21177
https://notcve.org/view.php?id=CVE-2022-21177
11 Mar 2022 — There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. Se presenta una vulnerabilidad de salto de ruta en CAMS para HIS Log Server contenida en los siguientes productos de Yokogawa Electric: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTU... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 3%CPEs: 32EXPL: 0CVE-2015-5626
https://notcve.org/view.php?id=CVE-2015-5626
05 Feb 2020 — Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Serve... • http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf • CWE-787: Out-of-bounds Write •