// For flags

CVE-2022-21177

 

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Se presenta una vulnerabilidad de salto de ruta en CAMS para HIS Log Server contenida en los siguientes productos de Yokogawa Electric: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, y desde R6.01.00 a R6.08.00, Exaopc versiones desde R3.72.00 a R3.79.00

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-02-03 CVE Reserved
  • 2022-03-11 CVE Published
  • 2023-10-02 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-23: Relative Path Traversal
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf 2022-03-18
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Yokogawa
Search vendor "Yokogawa"
 Centum Cs 3000 Firmware
Search vendor "Yokogawa" for product "Centum Cs 3000 Firmware"
 >= r3.08.10 <= r3.09.00
Search vendor "Yokogawa" for product "Centum Cs 3000 Firmware" and version " >= r3.08.10 <= r3.09.00"
-
Affected
in Yokogawa
Search vendor "Yokogawa"
 Centum Cs 3000
Search vendor "Yokogawa" for product "Centum Cs 3000"
--
Safe
Yokogawa
Search vendor "Yokogawa"
 Centum Cs 3000 Entry Firmware
Search vendor "Yokogawa" for product "Centum Cs 3000 Entry Firmware"
 >= r3.08.10 <= r3.09.00
Search vendor "Yokogawa" for product "Centum Cs 3000 Entry Firmware" and version " >= r3.08.10 <= r3.09.00"
-
Affected
in Yokogawa
Search vendor "Yokogawa"
 Centum Cs 3000 Entry
Search vendor "Yokogawa" for product "Centum Cs 3000 Entry"
--
Safe
Yokogawa
Search vendor "Yokogawa"
 Centum Vp Firmware
Search vendor "Yokogawa" for product "Centum Vp Firmware"
 >= r4.01.00 <= r4.03.00
Search vendor "Yokogawa" for product "Centum Vp Firmware" and version " >= r4.01.00 <= r4.03.00"
-
Affected
in Yokogawa
Search vendor "Yokogawa"
 Centum Vp
Search vendor "Yokogawa" for product "Centum Vp"
--
Safe
Yokogawa
Search vendor "Yokogawa"
 Centum Vp Firmware
Search vendor "Yokogawa" for product "Centum Vp Firmware"
 >= r5.01.00 <= r5.04.20
Search vendor "Yokogawa" for product "Centum Vp Firmware" and version " >= r5.01.00 <= r5.04.20"
-
Affected
in Yokogawa
Search vendor "Yokogawa"
 Centum Vp
Search vendor "Yokogawa" for product "Centum Vp"
--
Safe
Yokogawa
Search vendor "Yokogawa"
 Centum Vp Firmware
Search vendor "Yokogawa" for product "Centum Vp Firmware"
 >= r6.01.00 < r6.09.00
Search vendor "Yokogawa" for product "Centum Vp Firmware" and version " >= r6.01.00 < r6.09.00"
-
Affected
in Yokogawa
Search vendor "Yokogawa"
 Centum Vp
Search vendor "Yokogawa" for product "Centum Vp"
--
Safe
Yokogawa
Search vendor "Yokogawa"
 Centum Vp Entry Firmware
Search vendor "Yokogawa" for product "Centum Vp Entry Firmware"
 >= r4.01.00 <= r4.03.00
Search vendor "Yokogawa" for product "Centum Vp Entry Firmware" and version " >= r4.01.00 <= r4.03.00"
-
Affected
in Yokogawa
Search vendor "Yokogawa"
 Centum Vp Entry
Search vendor "Yokogawa" for product "Centum Vp Entry"
--
Safe
Yokogawa
Search vendor "Yokogawa"
 Centum Vp Entry Firmware
Search vendor "Yokogawa" for product "Centum Vp Entry Firmware"
 >= r5.01.00 <= r5.04.20
Search vendor "Yokogawa" for product "Centum Vp Entry Firmware" and version " >= r5.01.00 <= r5.04.20"
-
Affected
in Yokogawa
Search vendor "Yokogawa"
 Centum Vp Entry
Search vendor "Yokogawa" for product "Centum Vp Entry"
--
Safe
Yokogawa
Search vendor "Yokogawa"
 Centum Vp Entry Firmware
Search vendor "Yokogawa" for product "Centum Vp Entry Firmware"
 >= r6.01.00 < r6.09.00
Search vendor "Yokogawa" for product "Centum Vp Entry Firmware" and version " >= r6.01.00 < r6.09.00"
-
Affected
in Yokogawa
Search vendor "Yokogawa"
 Centum Vp Entry
Search vendor "Yokogawa" for product "Centum Vp Entry"
--
Safe
Yokogawa
Search vendor "Yokogawa"
 Exaopc
Search vendor "Yokogawa" for product "Exaopc"
 >= r3.72.00 < r3.80.00
Search vendor "Yokogawa" for product "Exaopc" and version " >= r3.72.00 < r3.80.00"
-
Affected