PT-2022-3578 · Yokogawa · Centum Vp Small+4

Published

2022-04-14

·

Updated

2022-04-22

·

CVE-2022-27188

CVSS v3.1

7.8

High

Vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

CENTUM VP versions R4.01.00 through R4.03.00
CENTUM VP Small versions R4.01.00 through R4.03.00
CENTUM VP Basic versions R4.01.00 through R4.03.00
B/M9000 VP versions R6.01.01 through R6.03.02
Description

The affected products do not neutralize special elements (shell metacharacters) before they reach an operating system command, an OS command injection weakness (CWE-78). The command is built from the contents of a file generated with Graphic Builder and is executed by the Standard Operation and Monitoring function of the distributed control system. An attacker who already has access to the computer where the product is installed can therefore alter such a file so that arbitrary OS commands are executed when the function processes it. This matches the CVSS vector: local access and low privileges are required, no user interaction is needed, and confidentiality, integrity and availability are all fully affected.
Recommendations

For all affected versions (CENTUM VP, CENTUM VP Small and CENTUM VP Basic R4.01.00 through R4.03.00; B/M9000 VP R6.01.01 through R6.03.02), restrict access to the Graphic Builder feature until a patch is available. Because exploitation requires local access to the host and the ability to modify a file generated by Graphic Builder, also limit interactive logon on the affected computers to the operators who need it, restrict write permission on Graphic Builder output files to the accounts that legitimately generate them, and monitor those files for unexpected modification. The "special elements" named in the description are shell metacharacters inside the attacker-altered file, not a configurable product option, so the effective controls are the access restrictions above and the vendor fix.
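The pattern behind the description and the file check suggested in the recommendations, as an added example that is not Yokogawa's code and is not taken from the advisory: the key=value file format, the viewer names, the window-id allowlist and the helper names are all assumptions made for illustration. The vulnerable function concatenates a value from the generated file into a single command string destined for a shell; the hardened function validates each field against an allowlist and returns an argv list instead. `shell_would_run` tokenizes the string the way a POSIX shell would, to show that the tampered file yields two commands, and `scan_generated_file` flags values carrying shell metacharacters.

```python
"""CWE-78 as described in the advisory: a value read from a tool-generated file
reaches an OS command without neutralization. Example code added to the page;
NOT Yokogawa's code. The key=value format below is an invented stand-in for
whatever Graphic Builder actually emits."""
import re
import shlex
from typing import Dict, List

# Constructed sample files. TAMPERED_FILE is what a local attacker with write
# access to the generated file would plant; the '&' separator is the kind of
# "special element" the advisory refers to.
BENIGN_FILE = "viewer=trend_viewer\nwindow=GR0001\n"
TAMPERED_FILE = "viewer=trend_viewer\nwindow=GR0001 & whoami > evil.txt\n"

ALLOWED_VIEWERS = {"trend_viewer", "alarm_viewer"}          # hypothetical names
WINDOW_ID = re.compile(r"[A-Za-z0-9_]{1,32}")                # allowlist pattern
SHELL_META = re.compile(r"[;&|`$<>\n\r(){}\[\]'\"\\*?~]")     # chars a shell interprets


def parse_kv(text: str) -> Dict[str, str]:
    """Parse the stand-in key=value format; deliberately performs no validation."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg


def build_command_vulnerable(cfg: Dict[str, str]) -> str:
    """The vulnerable pattern: untrusted file contents concatenated into one
    string that would be handed to a shell (subprocess.run(cmd, shell=True),
    system(), ...). Returned instead of executed so the example is safe to run."""
    return f"{cfg['viewer']} --window {cfg['window']}"


def build_command_hardened(cfg: Dict[str, str]) -> List[str]:
    """Neutralization by construction: validate each field against an allowlist
    and return an argv list, so no shell ever parses the attacker's bytes."""
    viewer, window = cfg["viewer"], cfg["window"]
    if viewer not in ALLOWED_VIEWERS:
        raise ValueError(f"viewer not allowed: {viewer!r}")
    if not WINDOW_ID.fullmatch(window):
        raise ValueError(f"window id rejected: {window!r}")
    return [viewer, "--window", window]   # for subprocess.run(argv, shell=False)


def hardened_rejects(text: str) -> bool:
    """True when the hardened builder refuses the file (used by the demo)."""
    try:
        build_command_hardened(parse_kv(text))
        return False
    except ValueError:
        return True


def shell_would_run(cmd: str) -> List[List[str]]:
    """Tokenize like a POSIX shell and split at command separators, to show how
    many commands the vulnerable string actually contains."""
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    commands: List[List[str]] = []
    current: List[str] = []
    for tok in lexer:
        if tok in (";", "&", "&&", "|", "||"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def scan_generated_file(text: str) -> List[str]:
    """Integrity check an operator can run over generated files: report every
    key whose value contains a shell metacharacter."""
    return [k for k, v in parse_kv(text).items() if SHELL_META.search(v)]


if __name__ == "__main__":
    for label, text in (("benign", BENIGN_FILE), ("tampered", TAMPERED_FILE)):
        cmd = build_command_vulnerable(parse_kv(text))
        print(f"{label}: vulnerable string -> {shell_would_run(cmd)}")
        print(f"{label}: hardened rejects={hardened_rejects(text)}, "
              f"flagged keys={scan_generated_file(text)}")
```

The POSIX tokenizer is an approximation: if the monitoring process runs on Windows, cmd.exe treats `&`, `&&`, `|` and `||` as separators but not `;`, so a file scanner should be tuned to the shell that actually consumes the command rather than to this example's list.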

Fix

Restrict access to the Graphic Builder feature until a vendor patch is available (see Recommendations).

Weakness Enumeration

OS Command Injection (CWE-78)

Related Identifiers

BDU:2022-04362
CVE-2022-27188

Affected Products

B/M9000 Vp
Centum Vp
Centum Vp Basic
Centum Vp Small
Graphic Builder