PT-2022-1488 · Yokogawa Electric · Centum Vp+1
Published
2022-01-07
·
Updated
2022-03-18
·
CVE-2022-23402
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
CENTUM VP versions R5.01.00 through R5.04.20
CENTUM VP versions R6.01.00 through R6.08.00
Exaopc versions R3.72.00 through R3.79.00
Description
The issue is related to the use of hardcoded passwords for CAMS server applications in certain Yokogawa Electric products. This could allow a remote attacker to cause a server crash, including suppression of emergency signals.
Recommendations
For CENTUM VP versions R5.01.00 through R5.04.20, update to a version outside of this range to mitigate the risk.
For CENTUM VP versions R6.01.00 through R6.08.00, update to a version outside of this range to mitigate the risk.
For Exaopc versions R3.72.00 through R3.79.00, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to the CAMS server applications until a patch is available.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Centum Vp
Exaopc