CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-26593
https://notcve.org/view.php?id=CVE-2023-26593
11 Apr 2023 — CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user creden... • https://jvn.jp/en/vu/JVNVU98775218 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-30707
https://notcve.org/view.php?id=CVE-2022-30707
28 Jun 2022 — Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.... • https://jvn.jp/vu/JVNVU92819891/index.html •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-23402
https://notcve.org/view.php?id=CVE-2022-23402
11 Mar 2022 — The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 Los siguientes productos de Yokogawa Electric codifican la contraseña de las aplicaciones del servidor CAMS: CENTUM VP versiones desde R5.01.00 hasta R5.04.20 y versiones desde R6.01.00 hasta R6.08.00, Exaopc versiones desde R3.72.00 hasta R3.79.00 • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-23401
https://notcve.org/view.php?id=CVE-2022-23401
11 Mar 2022 — The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. Los siguientes productos de Yokogawa Electric contienen problemas de carga de DLL no segura. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, y desde R6.01.00 ... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22729
https://notcve.org/view.php?id=CVE-2022-22729
11 Mar 2022 — CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Server contenido en los siguientes productos de Yokogawa Electric no autentican apropiadamente los paquetes de rece... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22151
https://notcve.org/view.php?id=CVE-2022-22151
11 Mar 2022 — CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Log Server contenido en los siguientes productos de Yokogawa Electric no neutraliza apropiadamente las salidas de registro: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, C... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22148
https://notcve.org/view.php?id=CVE-2022-22148
11 Mar 2022 — 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. El servicio "Root Service" implementado en los siguientes productos de Yokogawa Electric crea algunas tuberías con nombre con una configuración ACL incorrecta. CENTUM CS 3000 ver... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22145
https://notcve.org/view.php?id=CVE-2022-22145
11 Mar 2022 — CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. CAMS for HIS Log Server contenido en los siguientes productos de Yokogawa Electric es vulnerable al consumo no controlado de recursos. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, C... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-22141
https://notcve.org/view.php?id=CVE-2022-22141
11 Mar 2022 — 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. El servicio "Long-term Data Archive Package" implementado en los siguientes productos de Yokogawa Electric crea algunas tuberías con nombre con una configuració... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-21808
https://notcve.org/view.php?id=CVE-2022-21808
11 Mar 2022 — Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. Se presenta una vulnerabilidad de salto de ruta en CAMS for HIS Server contenida en los siguientes productos de Yokogawa Electric: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP version... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •