CVE-2022-23402
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
Los siguientes productos de Yokogawa Electric codifican la contraseƱa de las aplicaciones del servidor CAMS: CENTUM VP versiones desde R5.01.00 hasta R5.04.20 y versiones desde R6.01.00 hasta R6.08.00, Exaopc versiones desde R3.72.00 hasta R3.79.00
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-02-03 CVE Reserved
- 2022-03-11 CVE Published
- 2024-08-03 CVE Updated
- 2024-11-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | 2022-03-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Yokogawa Search vendor "Yokogawa" | Centum Vp Firmware Search vendor "Yokogawa" for product "Centum Vp Firmware" | >= r5.01.00 <= r5.04.20 Search vendor "Yokogawa" for product "Centum Vp Firmware" and version " >= r5.01.00 <= r5.04.20" | - |
Affected
| in | Yokogawa Search vendor "Yokogawa" | Centum Vp Search vendor "Yokogawa" for product "Centum Vp" | - | - |
Safe
|
| Yokogawa Search vendor "Yokogawa" | Centum Vp Firmware Search vendor "Yokogawa" for product "Centum Vp Firmware" | >= r6.01.00 < r6.09.00 Search vendor "Yokogawa" for product "Centum Vp Firmware" and version " >= r6.01.00 < r6.09.00" | - |
Affected
| in | Yokogawa Search vendor "Yokogawa" | Centum Vp Search vendor "Yokogawa" for product "Centum Vp" | - | - |
Safe
|
| Yokogawa Search vendor "Yokogawa" | Centum Vp Entry Firmware Search vendor "Yokogawa" for product "Centum Vp Entry Firmware" | >= r5.01.00 <= r5.04.20 Search vendor "Yokogawa" for product "Centum Vp Entry Firmware" and version " >= r5.01.00 <= r5.04.20" | - |
Affected
| in | Yokogawa Search vendor "Yokogawa" | Centum Vp Entry Search vendor "Yokogawa" for product "Centum Vp Entry" | - | - |
Safe
|
| Yokogawa Search vendor "Yokogawa" | Centum Vp Entry Firmware Search vendor "Yokogawa" for product "Centum Vp Entry Firmware" | >= r6.01.00 < r6.09.00 Search vendor "Yokogawa" for product "Centum Vp Entry Firmware" and version " >= r6.01.00 < r6.09.00" | - |
Affected
| in | Yokogawa Search vendor "Yokogawa" | Centum Vp Entry Search vendor "Yokogawa" for product "Centum Vp Entry" | - | - |
Safe
|
| Yokogawa Search vendor "Yokogawa" | Exaopc Search vendor "Yokogawa" for product "Exaopc" | >= r3.72.00 < r3.80.00 Search vendor "Yokogawa" for product "Exaopc" and version " >= r3.72.00 < r3.80.00" | - |
Affected
| ||||||