1. Home
  2. CVE Database
  3. CVE-2022-26034
CRITICAL · 9.1

CVE-2022-26034

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R...

Vulnerability Description

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
YokogawaB\/M9000 Vp>= r8.01.01, <= r8.03.01
YokogawaCentum Vp>= r6.01.10, <= r6.09.00

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2022-26034?

CVE-2022-26034 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R...

How severe is CVE-2022-26034?

CVE-2022-26034 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-26034?

Check the references section above for vendor advisories and patch information. Affected products include: Yokogawa B\/M9000 Vp, Yokogawa Centum Vp.