PT-2022-2095 · Yokogawa+1 · Exaopc+3
Published: 2022-01-07 · Updated: 2022-03-18 · CVE-2022-21194
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CENTUM VP versions R5.01.00 through R5.04.20
CENTUM VP versions R6.01.00 through R6.08.0
Exaopc versions R3.72.00 through R3.79.00
Description
The issue stems from the use of hardcoded credentials in CAMS for HIS (the centralized alarm and event management system), the distributed control systems CENTUM VP and CENTUM VP Entry Class, and the OPC server Exaopc. The affected products do not change the passwords of the internal Windows accounts from the initial configuration. Exploitation of this issue may allow an attacker to elevate their privileges.
Recommendations
For CENTUM VP versions R5.01.00 through R5.04.20, change the passwords of the internal Windows accounts so that they no longer match the initial configuration.
For CENTUM VP versions R6.01.00 through R6.08.0, change the passwords of the internal Windows accounts so that they no longer match the initial configuration.
For Exaopc versions R3.72.00 through R3.79.00, change the passwords of the internal Windows accounts so that they no longer match the initial configuration.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
CAMS for HIS
CENTUM VP
Exaopc
Windows