CVE-2022-22151

HIGH

Yokogawa Electric - Info Disclosure

Title source: llm
STIX 2.1

Description

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.

References (1)

Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

Scores

CVSS v3 8.1
EPSS 0.0077
EPSS Percentile 50.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-116 CWE-117
Status published
Products (5)
yokogawa/centum_cs_3000_entry_firmware r3.08.10 - r3.09.00
yokogawa/centum_cs_3000_firmware r3.08.10 - r3.09.00
yokogawa/centum_vp_entry_firmware r4.01.00 - r4.03.00
yokogawa/centum_vp_firmware r4.01.00 - r4.03.00
yokogawa/exaopc r3.72.00 - r3.80.00
Published Mar 11, 2022
Tracked Since Feb 18, 2026