Insecure DLL Loading Vulnerability in Yokogawa Electric's CENTUM and Exaopc Products
CVE-2022-23401

7.8HIGH

Key Information:

Vendor: Yokogawa Electric Corporation
Status: Centum Cs 3000; Centum Vp; Exaopc
Vendor: CVE Published:; 11 March 2022

Summary

Yokogawa Electric's CENTUM and Exaopc products exhibit vulnerabilities related to insecure DLL loading, impacting multiple versions. These issues allow potential unauthorized code execution, which can compromise the security of systems relying on these products. Users are advised to review the provided versions for potential exposure and remediate threats accordingly.

Affected Version(s)

CENTUM CS 3000 versions from R3.08.10 to R3.09.00

CENTUM VP versions from R4.01.00 to R4.03.00

CENTUM VP versions from R5.01.00 to R5.04.20

References

https://web-material3.yokogawa.com/1/32094/files/YSAR-22-...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2022
Vulnerability Reserved
Feb 3, 2022