CVE-2022-22729

Summary

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.

Affected Software

VendorProductVersion RangeStatus
Yokogawa Electric CorporationCENTUM CS 3000versions from R3.08.10 to R3.09.00affected
Yokogawa Electric CorporationCENTUM VPversions from R4.01.00 to R4.03.00affected
Yokogawa Electric CorporationCENTUM VPversions from R5.01.00 to R5.04.20affected
Yokogawa Electric CorporationCENTUM VPversions from R6.01.00 to R6.08.00affected
Yokogawa Electric CorporationExaopcversions from R3.72.00 to R3.79.00affected

Weaknesses

  • CWE-302: CWE-302: Authentication Bypass by Assumed-Immutable Data

ADP Enrichment

CVE Program Container

Additional References

References