Details of VAR-202203-0854

ID

VAR-202203-0854

CVE

CVE-2022-22145

TITLE

Yokogawa Exaopc Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202203-1154

DESCRIPTION

CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00

Trust: 0.99

sources: NVD: CVE-2022-22145 // VULHUB: VHN-414058

AFFECTED PRODUCTS

vendor:	yokogawa	model:	centum vp entry	scope:	gte	version:	r5.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	gte	version:	r4.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 entry	scope:	lte	version:	r3.09.00	Trust: 1.0
vendor:	yokogawa	model:	exaopc	scope:	lt	version:	r3.80.00	Trust: 1.0
vendor:	yokogawa	model:	exaopc	scope:	gte	version:	r3.72.00	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 entry	scope:	gte	version:	r3.08.10	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry	scope:	gte	version:	r4.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry	scope:	lte	version:	r5.04.20	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	lte	version:	r5.04.20	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000	scope:	lte	version:	r3.09.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	lt	version:	r6.09.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	lte	version:	r4.03.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry	scope:	lte	version:	r4.03.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry	scope:	gte	version:	r6.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	gte	version:	r6.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000	scope:	gte	version:	r3.08.10	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry	scope:	lt	version:	r6.09.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	gte	version:	r5.01.00	Trust: 1.0

sources: NVD: CVE-2022-22145

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22145
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202203-1154
value:	HIGH
Trust: 0.6
VULHUB:	VHN-414058
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-22145
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-414058
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-22145
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-414058 // CNNVD: CNNVD-202203-1154 // NVD: CVE-2022-22145

PROBLEMTYPE DATA

problemtype:

CWE-400

Trust: 1.1

sources: VULHUB: VHN-414058 // NVD: CVE-2022-22145

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-1154

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202203-1154

PATCH

title:

Yokogawa Exaopc Remediation of resource management error vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186336

Trust: 0.6

sources: CNNVD: CNNVD-202203-1154

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22145	Trust: 1.7
db:	CS-HELP	id:	SB2022032906	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1276	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-1154	Trust: 0.6
db:	VULHUB	id:	VHN-414058	Trust: 0.1

sources: VULHUB: VHN-414058 // CNNVD: CNNVD-202203-1154 // NVD: CVE-2022-22145

REFERENCES

url:	https://web-material3.yokogawa.com/1/32094/files/ysar-22-0001-e.pdf	Trust: 1.7
url:	https://www.cybersecurity-help.cz/vdb/sb2022032906	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1276	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-22145/	Trust: 0.6

sources: VULHUB: VHN-414058 // CNNVD: CNNVD-202203-1154 // NVD: CVE-2022-22145

SOURCES

db:	VULHUB	id:	VHN-414058
db:	CNNVD	id:	CNNVD-202203-1154
db:	NVD	id:	CVE-2022-22145

LAST UPDATE DATE

2024-11-23T21:32:45.628000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-414058	date:	2022-03-18T00:00:00
db:	CNNVD	id:	CNNVD-202203-1154	date:	2022-03-30T00:00:00
db:	NVD	id:	CVE-2022-22145	date:	2024-11-21T06:46:15.110

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-414058	date:	2022-03-11T00:00:00
db:	CNNVD	id:	CNNVD-202203-1154	date:	2022-03-11T00:00:00
db:	NVD	id:	CVE-2022-22145	date:	2022-03-11T09:15:11.517