Security Flaw in Communication of CAMS for HIS in Yokogawa CENTUM Products
CVE-2022-30707

8.8HIGH

Key Information:

Vendor

Yokogawa Electric Corporation

Status
Cams For His
Vendor
CVE Published:
28 June 2022

What is CVE-2022-30707?

A security flaw identified in Yokogawa's CAMS for HIS software could allow an adjacent attacker who compromises a computer to utilize the stolen credentials for unauthorized access to other machines using similar software. This vulnerability spans various products in the CENTUM series, leading to potential disabling of CAMS functions or information disclosure and alteration across affected systems.

Affected Version(s)

CAMS for HIS CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01

References

https://web-material3.yokogawa.com/1/32780/files/YSAR-22-...
x_refsource_MISC
https://web-material3.yokogawa.com/19/32780/files/YSAR-22...
x_refsource_MISC
https://jvn.jp/vu/JVNVU92819891/index.html
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.