PT-2022-4220 · Yokogawa · CAMS for HIS +5

Jacob Baines · Published 2022-06-28 · Updated 2023-08-08 · CVE-2022-30707

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CENTUM CS 3000 versions R3.08.10 through R3.09.00
CENTUM VP versions R4.01.00 through R4.03.00
CENTUM VP versions R5.01.00 through R5.04.20
CENTUM VP versions R6.01.00 through R6.09.00
Exaopc versions R3.72.00 through R3.80.00
B/M9000 CS versions R5.04.01 through R5.05.01
B/M9000 VP versions R6.01.01 through R8.03.01

Description

The issue is related to a violation of secure design principles in the communication of CAMS for HIS. An adjacent attacker can compromise a computer using CAMS for HIS software and use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to the disabling of CAMS for HIS software functions on any affected machines, or to information disclosure or alteration.

Recommendations

For CENTUM CS 3000 versions R3.08.10 through R3.09.00, update to a version outside of this range to mitigate the risk.
For CENTUM VP versions R4.01.00 through R4.03.00, update to a version outside of this range to mitigate the risk.
For CENTUM VP versions R5.01.00 through R5.04.20, update to a version outside of this range to mitigate the risk.
For CENTUM VP versions R6.01.00 through R6.09.00, update to a version outside of this range to mitigate the risk.
For Exaopc versions R3.72.00 through R3.80.00, update to a version outside of this range to mitigate the risk, but only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed.
For B/M9000 CS versions R5.04.01 through R5.05.01, update to a version outside of this range to mitigate the risk.
For B/M9000 VP versions R6.01.01 through R8.03.01, update to a version outside of this range to mitigate the risk.

Related Identifiers

BDU:2022-05068
CVE-2022-30707

Affected Products

B/M9000 CS
B/M9000 VP
CAMS for HIS
CENTUM CS 3000
CENTUM VP
Exaopc