CVE-2022-22151

Name of the Vulnerable Software and Affected Versions CENTUM CS 3000 versions from R3.08.10 to R3.09.00 CENTUM VP versions from R4.01.00 to R4.03.00 CENTUM VP versions from R5.01.00 to R5.04.20 CENTUM VP versions from R6.01.00 to R6.08.00 Exaopc versions from R3.72.00 to R3.79.00

Description The issue is related to the improper neutralization of log outputs in the CAMS for HIS Log Server contained in certain Yokogawa Electric products. This could allow an attacker to cause a denial of service or modify log files on the server using a specially crafted data packet. The vulnerability is associated with the incorrect processing of log registration output data.

Recommendations For CENTUM CS 3000 versions from R3.08.10 to R3.09.00, update to a version outside of this range to resolve the issue. For CENTUM VP versions from R4.01.00 to R4.03.00, update to a version outside of this range to resolve the issue. For CENTUM VP versions from R5.01.00 to R5.04.20, update to a version outside of this range to resolve the issue. For CENTUM VP versions from R6.01.00 to R6.08.00, update to a version outside of this range to resolve the issue. For Exaopc versions from R3.72.00 to R3.79.00, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the log server to minimize the risk of exploitation.