CVE-2022-21808
HIGHYokogawa CENTUM CS 3000 R3.08.10-R3.09.00, CENTUM VP R4.01.00-R4.03.00, Exaopc R3.72.00-R3.79.00 - Path Traversal
Title source: llmDescription
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf
Scores
CVSS v3
8.8
EPSS
0.0102
EPSS Percentile
58.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
CWE-23
Status
published
Products (5)
yokogawa/centum_cs_3000_entry_firmware
r3.08.10 - r3.09.00
yokogawa/centum_cs_3000_firmware
r3.08.10 - r3.09.00
yokogawa/centum_vp_entry_firmware
r4.01.00 - r4.03.00
yokogawa/centum_vp_firmware
r4.01.00 - r4.03.00
yokogawa/exaopc
r3.72.00 - r3.80.00
Published
Mar 11, 2022
Tracked Since
Feb 18, 2026