CVE-2022-23401

HIGH

Yokogawa Centum CS 3000 Firmware < r3.09.00 - Uncontrolled Search Path

Title source: rule

Description

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

References (1)

[Vendor Advisory] https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 18.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (5)

yokogawa/centum_cs_3000_firmware < r3.09.00

yokogawa/centum_cs_3000_entry_firmware < r3.09.00

yokogawa/centum_vp_firmware < r4.03.00

yokogawa/centum_vp_entry_firmware < r4.03.00

yokogawa/exaopc < r3.80.00

Timeline

Published Mar 11, 2022

Tracked Since Feb 18, 2026