Details of VAR-202203-0848

ID

VAR-202203-0848

CVE

CVE-2022-23401

TITLE

Yokogawa Exaopc Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202203-1153

DESCRIPTION

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00

Trust: 0.99

sources: NVD: CVE-2022-23401 // VULHUB: VHN-414062

AFFECTED PRODUCTS

vendor:	yokogawa	model:	centum vp entry	scope:	gte	version:	r5.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	gte	version:	r4.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 entry	scope:	lte	version:	r3.09.00	Trust: 1.0
vendor:	yokogawa	model:	exaopc	scope:	lt	version:	r3.80.00	Trust: 1.0
vendor:	yokogawa	model:	exaopc	scope:	gte	version:	r3.72.00	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 entry	scope:	gte	version:	r3.08.10	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry	scope:	gte	version:	r4.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry	scope:	lte	version:	r5.04.20	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	lte	version:	r5.04.20	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000	scope:	lte	version:	r3.09.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	lt	version:	r6.09.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	lte	version:	r4.03.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry	scope:	lte	version:	r4.03.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry	scope:	gte	version:	r6.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	gte	version:	r6.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000	scope:	gte	version:	r3.08.10	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry	scope:	lt	version:	r6.09.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	gte	version:	r5.01.00	Trust: 1.0

sources: NVD: CVE-2022-23401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-23401
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202203-1153
value:	HIGH
Trust: 0.6
VULHUB:	VHN-414062
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2022-23401
severity:	LOW
baseScore:	3.7
vectorString:	AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	1.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-414062
severity:	LOW
baseScore:	3.7
vectorString:	AV:L/AC:H/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	1.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-23401
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-414062 // CNNVD: CNNVD-202203-1153 // NVD: CVE-2022-23401

PROBLEMTYPE DATA

problemtype:

CWE-427

Trust: 1.1

sources: VULHUB: VHN-414062 // NVD: CVE-2022-23401

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-1153

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202203-1153

PATCH

title:

Yokogawa Exaopc Fixes for code issue vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186335

Trust: 0.6

sources: CNNVD: CNNVD-202203-1153

EXTERNAL IDS

db:	NVD	id:	CVE-2022-23401	Trust: 1.7
db:	CS-HELP	id:	SB2022032906	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1276	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-083-01	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-1153	Trust: 0.6
db:	VULHUB	id:	VHN-414062	Trust: 0.1

sources: VULHUB: VHN-414062 // CNNVD: CNNVD-202203-1153 // NVD: CVE-2022-23401

REFERENCES

url:	https://web-material3.yokogawa.com/1/32094/files/ysar-22-0001-e.pdf	Trust: 1.7
url:	https://www.cybersecurity-help.cz/vdb/sb2022032906	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-23401/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1276	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-083-01	Trust: 0.6

sources: VULHUB: VHN-414062 // CNNVD: CNNVD-202203-1153 // NVD: CVE-2022-23401

CREDITS

Jacob Baines from Dragos reported these vulnerabilities to Yokogawa.

Trust: 0.6

sources: CNNVD: CNNVD-202203-1153

SOURCES

db:	VULHUB	id:	VHN-414062
db:	CNNVD	id:	CNNVD-202203-1153
db:	NVD	id:	CVE-2022-23401

LAST UPDATE DATE

2024-11-23T21:32:45.490000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-414062	date:	2022-03-18T00:00:00
db:	CNNVD	id:	CNNVD-202203-1153	date:	2022-03-30T00:00:00
db:	NVD	id:	CVE-2022-23401	date:	2024-11-21T06:48:31.007

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-414062	date:	2022-03-11T00:00:00
db:	CNNVD	id:	CNNVD-202203-1153	date:	2022-03-11T00:00:00
db:	NVD	id:	CVE-2022-23401	date:	2022-03-11T09:15:11.873