Improper ACL Configuration in Yokogawa Electric’s CENTUM and Exaopc Products
CVE-2022-22148
7.8HIGH
Key Information:
- Vendor
- CVE Published:
- 11 March 2022
What is CVE-2022-22148?
The Root Service implemented in several Yokogawa Electric products contains a vulnerability that stems from improper Access Control List (ACL) configuration for named pipes. This issue potentially exposes sensitive information by allowing unauthorized access to the named pipes, which can be exploited by malicious actors. The lack of adequate controls in specific versions of CENTUM CS 3000, CENTUM VP, and Exaopc products can compromise system integrity and confidentiality.
Affected Version(s)
CENTUM CS 3000 versions from R3.08.10 to R3.09.00
CENTUM VP versions from R4.01.00 to R4.03.00
CENTUM VP versions from R5.01.00 to R5.04.20