CVE-2022-23401
HIGHYokogawa CENTUM CS 3000 R3.08.10-R3.09.00 and CENTUM VP R4.01.00-R4.03.00 - Uncontrolled Search Path Element
Title source: llmDescription
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf
Scores
CVSS v3
7.8
EPSS
0.0021
EPSS Percentile
11.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (5)
yokogawa/centum_cs_3000_entry_firmware
r3.08.10 - r3.09.00
yokogawa/centum_cs_3000_firmware
r3.08.10 - r3.09.00
yokogawa/centum_vp_entry_firmware
r4.01.00 - r4.03.00
yokogawa/centum_vp_firmware
r4.01.00 - r4.03.00
yokogawa/exaopc
r3.72.00 - r3.80.00
Published
Mar 11, 2022
Tracked Since
Feb 18, 2026