ID

VAR-202203-0849


CVE

CVE-2022-22729


TITLE

Yokogawa Exaopc Authorization problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202203-1152

DESCRIPTION

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticates received packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.

Trust: 0.99

sources: NVD: CVE-2022-22729 // VULHUB: VHN-414061

AFFECTED PRODUCTS

vendor: yokogawa, model: centum vp entry, scope: gte, version: r5.01.00

Trust: 1.0

vendor: yokogawa, model: centum vp, scope: gte, version: r4.01.00

Trust: 1.0

vendor: yokogawa, model: centum cs 3000 entry, scope: lte, version: r3.09.00

Trust: 1.0

vendor: yokogawa, model: exaopc, scope: lt, version: r3.80.00

Trust: 1.0

vendor: yokogawa, model: exaopc, scope: gte, version: r3.72.00

Trust: 1.0

vendor: yokogawa, model: centum cs 3000 entry, scope: gte, version: r3.08.10

Trust: 1.0

vendor: yokogawa, model: centum vp entry, scope: gte, version: r4.01.00

Trust: 1.0

vendor: yokogawa, model: centum vp entry, scope: lte, version: r5.04.20

Trust: 1.0

vendor: yokogawa, model: centum vp, scope: lte, version: r5.04.20

Trust: 1.0

vendor: yokogawa, model: centum cs 3000, scope: lte, version: r3.09.00

Trust: 1.0

vendor: yokogawa, model: centum vp, scope: lt, version: r6.09.00

Trust: 1.0

vendor: yokogawa, model: centum vp, scope: lte, version: r4.03.00

Trust: 1.0

vendor: yokogawa, model: centum vp entry, scope: lte, version: r4.03.00

Trust: 1.0

vendor: yokogawa, model: centum vp entry, scope: gte, version: r6.01.00

Trust: 1.0

vendor: yokogawa, model: centum vp, scope: gte, version: r6.01.00

Trust: 1.0

vendor: yokogawa, model: centum cs 3000, scope: gte, version: r3.08.10

Trust: 1.0

vendor: yokogawa, model: centum vp entry, scope: lt, version: r6.09.00

Trust: 1.0

vendor: yokogawa, model: centum vp, scope: gte, version: r5.01.00

Trust: 1.0

sources: NVD: CVE-2022-22729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22729
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202203-1152
value: HIGH

Trust: 0.6

VULHUB: VHN-414061
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-22729
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-414061
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22729
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-414061 // CNNVD: CNNVD-202203-1152 // NVD: CVE-2022-22729

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-302

Trust: 1.0

sources: VULHUB: VHN-414061 // NVD: CVE-2022-22729

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-1152

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202203-1152

PATCH

title: Yokogawa Exaopc Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186334

Trust: 0.6

sources: CNNVD: CNNVD-202203-1152

EXTERNAL IDS

db: NVD, id: CVE-2022-22729

Trust: 1.7

db: CS-HELP, id: SB2022032906

Trust: 0.6

db: AUSCERT, id: ESB-2022.1276

Trust: 0.6

db: CNNVD, id: CNNVD-202203-1152

Trust: 0.6

db: VULHUB, id: VHN-414061

Trust: 0.1

sources: VULHUB: VHN-414061 // CNNVD: CNNVD-202203-1152 // NVD: CVE-2022-22729

REFERENCES

url:https://web-material3.yokogawa.com/1/32094/files/ysar-22-0001-e.pdf

Trust: 1.7

url:https://www.cybersecurity-help.cz/vdb/sb2022032906

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-22729/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1276

Trust: 0.6

sources: VULHUB: VHN-414061 // CNNVD: CNNVD-202203-1152 // NVD: CVE-2022-22729

SOURCES

db: VULHUB, id: VHN-414061
db: CNNVD, id: CNNVD-202203-1152
db: NVD, id: CVE-2022-22729

LAST UPDATE DATE

2024-11-23T21:32:45.667000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-414061, date: 2022-03-18T00:00:00
db: CNNVD, id: CNNVD-202203-1152, date: 2022-03-30T00:00:00
db: NVD, id: CVE-2022-22729, date: 2024-11-21T06:47:20.277

SOURCES RELEASE DATE

db: VULHUB, id: VHN-414061, date: 2022-03-11T00:00:00
db: CNNVD, id: CNNVD-202203-1152, date: 2022-03-11T00:00:00
db: NVD, id: CVE-2022-22729, date: 2022-03-11T09:15:11.683