CVE-2022-22729
HIGHYokogawa CENTUM CS 3.08.10-3.09.00, VP 4.01.00-4.03.00, Exaopc 3.72.00-3.79.00 - Authentication Bypass
Title source: llmDescription
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf
Scores
CVSS v3
8.8
EPSS
0.0091
EPSS Percentile
55.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
CWE-302
Status
published
Products (5)
yokogawa/centum_cs_3000_entry_firmware
r3.08.10 - r3.09.00
yokogawa/centum_cs_3000_firmware
r3.08.10 - r3.09.00
yokogawa/centum_vp_entry_firmware
r4.01.00 - r4.03.00
yokogawa/centum_vp_firmware
r4.01.00 - r4.03.00
yokogawa/exaopc
r3.72.00 - r3.80.00
Published
Mar 11, 2022
Tracked Since
Feb 18, 2026