CVE-2022-23401

Name of the Vulnerable Software and Affected Versions CENTUM CS 3000 versions from R3.08.10 to R3.09.00 CENTUM VP versions from R4.01.00 to R4.03.00 CENTUM VP versions from R5.01.00 to R5.04.20 CENTUM VP versions from R6.01.00 to R6.08.00 Exaopc versions from R3.72.00 to R3.79.00

Description The issue is related to insecure DLL loading, which may allow an attacker to execute arbitrary code. This affects the centralized system for managing emergency messages and events, specifically the CAMS for HIS distributed systems management CENTUM VP and CENTUM VP Entry Class, as well as the Exaopc OPC server.

Recommendations For CENTUM CS 3000 versions from R3.08.10 to R3.09.00, update to a version outside of this range to mitigate the risk. For CENTUM VP versions from R4.01.00 to R4.03.00, update to a version outside of this range to mitigate the risk. For CENTUM VP versions from R5.01.00 to R5.04.20, update to a version outside of this range to mitigate the risk. For CENTUM VP versions from R6.01.00 to R6.08.00, update to a version outside of this range to mitigate the risk. For Exaopc versions from R3.72.00 to R3.79.00, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting the loading of DLLs to minimize the risk of exploitation.