CVE-2022-33939 — HIGH (7.5)

Q: How severe is CVE-2022-33939?

CVE-2022-33939 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-33939?

Check the references section above for vendor advisories and patch information. Affected products include: Yokogawa Centum Cs 3000 Cp401 Firmware, Yokogawa Centum Cs 3000 Cp401, Yokogawa Centum Cs 3000 Cp451 Firmware, Yokogawa Centum Cs 3000 Cp451, Yokogawa Centum Cs 3000 Cp33 Firmware.

Vulnerability Description

CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Yokogawa	Centum Cs 3000 Cp401 Firmware	-
Yokogawa	Centum Cs 3000 Cp401	-
Yokogawa	Centum Cs 3000 Cp451 Firmware	-
Yokogawa	Centum Cs 3000 Cp451	-
Yokogawa	Centum Cs 3000 Cp33 Firmware	-
Yokogawa	Centum Cs 3000 Cp33	-
Yokogawa	Centum Cs 3000 Cp345 Firmware	-
Yokogawa	Centum Cs 3000 Cp345	-
Yokogawa	Centum Cs 3000 Cp31 Firmware	-
Yokogawa	Centum Cs 3000 Cp31	-
Yokogawa	Centum Vp 3000 Cp401 Firmware	>= r4.01.00, <= r4.03.00
Yokogawa	Centum Vp 3000 Cp401	-
Yokogawa	Centum Vp 3000 Cp451 Firmware	>= r4.01.00, <= r4.03.00
Yokogawa	Centum Vp 3000 Cp451	-

References

https://jvn.jp/vu/JVNVU94343729/index.htmlThird Party Advisory
https://web-material3.yokogawa.com/1/33029/files/YSAR-22-0008-E.pdfVendor Advisory
https://web-material3.yokogawa.com/19/33029/files/YSAR-22-0008-J.pdfVendor Advisory
https://jvn.jp/vu/JVNVU94343729/index.htmlThird Party Advisory
https://web-material3.yokogawa.com/1/33029/files/YSAR-22-0008-E.pdfVendor Advisory
https://web-material3.yokogawa.com/19/33029/files/YSAR-22-0008-J.pdfVendor Advisory

FAQ

What is CVE-2022-33939?

CVE-2022-33939 is a vulnerability with a CVSS score of 7.5 (HIGH). CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploit...

How severe is CVE-2022-33939?

CVE-2022-33939 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-33939?

Check the references section above for vendor advisories and patch information. Affected products include: Yokogawa Centum Cs 3000 Cp401 Firmware, Yokogawa Centum Cs 3000 Cp401, Yokogawa Centum Cs 3000 Cp451 Firmware, Yokogawa Centum Cs 3000 Cp451, Yokogawa Centum Cs 3000 Cp33 Firmware.