Improper ACL Configuration in Yokogawa Electric’s CENTUM and Exaopc Products
CVE-2022-22148

7.8HIGH

Key Information:

Vendor: Yokogawa Electric Corporation
Status: Centum Cs 3000; Centum Vp; Exaopc
Vendor: CVE Published:; 11 March 2022

Summary

The Root Service implemented in several Yokogawa Electric products contains a vulnerability that stems from improper Access Control List (ACL) configuration for named pipes. This issue potentially exposes sensitive information by allowing unauthorized access to the named pipes, which can be exploited by malicious actors. The lack of adequate controls in specific versions of CENTUM CS 3000, CENTUM VP, and Exaopc products can compromise system integrity and confidentiality.

Affected Version(s)

CENTUM CS 3000 versions from R3.08.10 to R3.09.00

CENTUM VP versions from R4.01.00 to R4.03.00

CENTUM VP versions from R5.01.00 to R5.04.20

References

https://web-material3.yokogawa.com/1/32094/files/YSAR-22-...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2022
Vulnerability Reserved
Feb 3, 2022