Vulnerability Description
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yokogawa | Centum Cs 3000 Firmware | >= r3.08.10, <= r3.09.00 |
| Yokogawa | Centum Cs 3000 | - |
| Yokogawa | Centum Cs 3000 Entry Firmware | >= r3.08.10, <= r3.09.00 |
| Yokogawa | Centum Cs 3000 Entry | - |
| Yokogawa | Centum Vp Firmware | >= r4.01.00, <= r4.03.00 |
| Yokogawa | Centum Vp | - |
| Yokogawa | Centum Vp Entry Firmware | >= r4.01.00, <= r4.03.00 |
| Yokogawa | Centum Vp Entry | - |
| Yokogawa | Exaopc | >= r3.72.00, < r3.80.00 |
Related Weaknesses (CWE)
References
- https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdfMitigationVendor Advisory
- https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdfMitigationVendor Advisory
FAQ
What is CVE-2022-22729?
CVE-2022-22729 is a vulnerability with a CVSS score of 8.8 (HIGH). CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 ver...
How severe is CVE-2022-22729?
CVE-2022-22729 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-22729?
Check the references section above for vendor advisories and patch information. Affected products include: Yokogawa Centum Cs 3000 Firmware, Yokogawa Centum Cs 3000, Yokogawa Centum Cs 3000 Entry Firmware, Yokogawa Centum Cs 3000 Entry, Yokogawa Centum Vp Firmware.