CVE-2022-22148

Name of the Vulnerable Software and Affected Versions CENTUM CS 3000 versions from R3.08.10 to R3.09.00 CENTUM VP versions from R4.01.00 to R4.03.00 CENTUM VP versions from R5.01.00 to R5.04.20 CENTUM VP versions from R6.01.00 to R6.08.00 Exaopc versions from R3.72.00 to R3.79.00

Description The 'Root Service' in Yokogawa Electric products creates named pipes with improper ACL configuration, which may allow an attacker to elevate their privileges. This issue is related to the lack of measures to neutralize special elements used in operating system commands.

Recommendations For CENTUM CS 3000 versions from R3.08.10 to R3.09.00, update to a version outside of this range to mitigate the risk. For CENTUM VP versions from R4.01.00 to R4.03.00, update to a version outside of this range to mitigate the risk. For CENTUM VP versions from R5.01.00 to R5.04.20, update to a version outside of this range to mitigate the risk. For CENTUM VP versions from R6.01.00 to R6.08.00, update to a version outside of this range to mitigate the risk. For Exaopc versions from R3.72.00 to R3.79.00, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the named pipes created by the 'Root Service' until a patch is available.