Improper ACL Configuration in Yokogawa Electric’s CENTUM and Exaopc Products
CVE-2022-22148
7.8 HIGH
Key Information:
- Vendor
- CVE Published: 11 March 2022
Summary
The Root Service implemented in several Yokogawa Electric products configures the Access Control Lists (ACLs) on its named pipes improperly. Unauthorized access to those named pipes can expose sensitive information, and malicious actors can exploit this. In the affected versions of CENTUM CS 3000, CENTUM VP, and Exaopc products, the lack of adequate controls can compromise system integrity and confidentiality.
Affected Version(s)
CENTUM CS 3000 versions from R3.08.10 to R3.09.00
CENTUM VP versions from R4.01.00 to R4.03.00
CENTUM VP versions from R5.01.00 to R5.04.20
CVSS V3.1
- Score: 7.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged