CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2022-33939
https://notcve.org/view.php?id=CVE-2022-33939
16 Aug 2022 — CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product. El controlador CENTUM VP / CS 3000 FCS (CP31, CP33, CP345, CP401 y CP451) contiene un problema en el procesamiento de paquetes de comunicación, que puede conllevar a ... • https://jvn.jp/vu/JVNVU94343729/index.html •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-30707
https://notcve.org/view.php?id=CVE-2022-30707
28 Jun 2022 — Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.... • https://jvn.jp/vu/JVNVU92819891/index.html •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-23402
https://notcve.org/view.php?id=CVE-2022-23402
11 Mar 2022 — The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 Los siguientes productos de Yokogawa Electric codifican la contraseña de las aplicaciones del servidor CAMS: CENTUM VP versiones desde R5.01.00 hasta R5.04.20 y versiones desde R6.01.00 hasta R6.08.00, Exaopc versiones desde R3.72.00 hasta R3.79.00 • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-23401
https://notcve.org/view.php?id=CVE-2022-23401
11 Mar 2022 — The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. Los siguientes productos de Yokogawa Electric contienen problemas de carga de DLL no segura. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, y desde R6.01.00 ... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22729
https://notcve.org/view.php?id=CVE-2022-22729
11 Mar 2022 — CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Server contenido en los siguientes productos de Yokogawa Electric no autentican apropiadamente los paquetes de rece... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22151
https://notcve.org/view.php?id=CVE-2022-22151
11 Mar 2022 — CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Log Server contenido en los siguientes productos de Yokogawa Electric no neutraliza apropiadamente las salidas de registro: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, C... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22148
https://notcve.org/view.php?id=CVE-2022-22148
11 Mar 2022 — 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. El servicio "Root Service" implementado en los siguientes productos de Yokogawa Electric crea algunas tuberías con nombre con una configuración ACL incorrecta. CENTUM CS 3000 ver... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22145
https://notcve.org/view.php?id=CVE-2022-22145
11 Mar 2022 — CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Log Server contenido en los siguientes productos de Yokogawa Electric es vulnerable al consumo no controlado de recursos. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, C... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22141
https://notcve.org/view.php?id=CVE-2022-22141
11 Mar 2022 — 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. El servicio "Long-term Data Archive Package" implementado en los siguientes productos de Yokogawa Electric crea algunas tuberías con nombre con una configuració... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-21808
https://notcve.org/view.php?id=CVE-2022-21808
11 Mar 2022 — Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. Se presenta una vulnerabilidad de salto de ruta en CAMS for HIS Server contenida en los siguientes productos de Yokogawa Electric: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP version... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •