Details of VAR-202204-0836

ID

VAR-202204-0836

CVE

CVE-2022-26034

TITLE

of Yokogawa Electric Corporation b/m9000 vp and centum vp Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-008397

DESCRIPTION

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server

Trust: 1.8

sources: NVD: CVE-2022-26034 // JVNDB: JVNDB-2022-008397 // VULHUB: VHN-419227 // VULMON: CVE-2022-26034

AFFECTED PRODUCTS

vendor:	yokogawa	model:	centum vp	scope:	lte	version:	r06.09.00	Trust: 1.0
vendor:	yokogawa	model:	b\/m9000 vp	scope:	gte	version:	r8.01.01	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	lte	version:	r6.09.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	gte	version:	r6.01.10	Trust: 1.0
vendor:	yokogawa	model:	b\/m9000 vp	scope:	lte	version:	r8.03.01	Trust: 1.0
vendor:	横河電機株式会社	model:	centum vp	scope:	-	version:	-	Trust: 0.8
vendor:	横河電機株式会社	model:	b/m9000 vp	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-008397 // NVD: CVE-2022-26034

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26034
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-26034
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202204-3445
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-419227
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-26034
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-26034
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-419227
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26034
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26034
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-419227 // VULMON: CVE-2022-26034 // JVNDB: JVNDB-2022-008397 // CNNVD: CNNVD-202204-3445 // NVD: CVE-2022-26034

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-419227 // JVNDB: JVNDB-2022-008397 // NVD: CVE-2022-26034

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-3445

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202204-3445

PATCH

title:

Yokogawa Electric CENTUM VP Remediation measures for authorization problem vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190476

Trust: 0.6

sources: CNNVD: CNNVD-202204-3445

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26034	Trust: 3.4
db:	JVN	id:	JVNVU99204686	Trust: 2.6
db:	ICS CERT	id:	ICSA-22-123-01	Trust: 1.4
db:	JVNDB	id:	JVNDB-2022-008397	Trust: 0.8
db:	CS-HELP	id:	SB2022050402	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-3445	Trust: 0.6
db:	VULHUB	id:	VHN-419227	Trust: 0.1
db:	VULMON	id:	CVE-2022-26034	Trust: 0.1

sources: VULHUB: VHN-419227 // VULMON: CVE-2022-26034 // JVNDB: JVNDB-2022-008397 // CNNVD: CNNVD-202204-3445 // NVD: CVE-2022-26034

REFERENCES

url:	https://jvn.jp/vu/jvnvu99204686/index.html	Trust: 2.6
url:	https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/	Trust: 2.6
url:	https://jvn.jp/vu/jvnvu99204686/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26034	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-123-01	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-26034/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-123-01	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022050402	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-419227 // VULMON: CVE-2022-26034 // JVNDB: JVNDB-2022-008397 // CNNVD: CNNVD-202204-3445 // NVD: CVE-2022-26034

CREDITS

JPCERT/CC notified CISA of these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202204-3445

SOURCES

db:	VULHUB	id:	VHN-419227
db:	VULMON	id:	CVE-2022-26034
db:	JVNDB	id:	JVNDB-2022-008397
db:	CNNVD	id:	CNNVD-202204-3445
db:	NVD	id:	CVE-2022-26034

LAST UPDATE DATE

2024-11-23T21:30:29.528000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-419227	date:	2022-04-22T00:00:00
db:	VULMON	id:	CVE-2022-26034	date:	2022-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2022-008397	date:	2023-07-26T08:25:00
db:	CNNVD	id:	CNNVD-202204-3445	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2022-26034	date:	2024-11-21T06:53:20.437

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-419227	date:	2022-04-15T00:00:00
db:	VULMON	id:	CVE-2022-26034	date:	2022-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-008397	date:	2023-07-26T00:00:00
db:	CNNVD	id:	CNNVD-202204-3445	date:	2022-04-15T00:00:00
db:	NVD	id:	CVE-2022-26034	date:	2022-04-15T02:15:08.083