CVE-2022-22148

Summary

'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Affected Software

VendorProductVersion RangeStatus
Yokogawa Electric CorporationCENTUM CS 3000versions from R3.08.10 to R3.09.00affected
Yokogawa Electric CorporationCENTUM VPversions from R4.01.00 to R4.03.00affected
Yokogawa Electric CorporationCENTUM VPversions from R5.01.00 to R5.04.20affected
Yokogawa Electric CorporationCENTUM VPversions from R6.01.00 to R6.08.00affected
Yokogawa Electric CorporationExaopcversions from R3.72.00 to R3.79.00affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

References