Vulnerability Description
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yokogawa | Centum Cs 3000 Firmware | >= r3.08.10, <= r3.09.00 |
| Yokogawa | Centum Cs 3000 | - |
| Yokogawa | Centum Cs 3000 Entry Firmware | >= r3.08.10, <= r3.09.00 |
| Yokogawa | Centum Cs 3000 Entry | - |
| Yokogawa | Centum Vp Firmware | >= r4.01.00, <= r4.03.00 |
| Yokogawa | Centum Vp | - |
| Yokogawa | Centum Vp Entry Firmware | >= r4.01.00, <= r4.03.00 |
| Yokogawa | Centum Vp Entry | - |
| Yokogawa | Exaopc | >= r3.72.00, < r3.80.00 |
Related Weaknesses (CWE)
References
- https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdfVendor Advisory
- https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdfVendor Advisory
FAQ
What is CVE-2022-22148?
CVE-2022-22148 is a vulnerability with a CVSS score of 7.8 (HIGH). 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP ver...
How severe is CVE-2022-22148?
CVE-2022-22148 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22148?
Check the references section above for vendor advisories and patch information. Affected products include: Yokogawa Centum Cs 3000 Firmware, Yokogawa Centum Cs 3000, Yokogawa Centum Cs 3000 Entry Firmware, Yokogawa Centum Cs 3000 Entry, Yokogawa Centum Vp Firmware.