CVE-2022-21808: Path Traversal
First published: Fri Mar 11 2022(Updated: )
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yokogawa Centum Cs 3000 Firmware | >=r3.08.10<=r3.09.00 | |
| Yokogawa CENTUM CS 3000 | ||
| Yokogawa Centum Cs 3000 Entry Firmware | >=r3.08.10<=r3.09.00 | |
| Yokogawa Centum Cs 3000 Entry | ||
| Yokogawa Centum Vp Firmware | >=r4.01.00<=r4.03.00 | |
| Yokogawa Centum Vp Firmware | >=r5.01.00<=r5.04.20 | |
| Yokogawa Centum Vp Firmware | >=r6.01.00<r6.09.00 | |
| Yokogawa Centum Vp | ||
| Yokogawa Centum Vp Entry Firmware | >=r4.01.00<=r4.03.00 | |
| Yokogawa Centum Vp Entry Firmware | >=r5.01.00<=r5.04.20 | |
| Yokogawa Centum Vp Entry Firmware | >=r6.01.00<r6.09.00 | |
| Yokogawa Centum Vp Entry | ||
| Yokogawa Exaopc | >=r3.72.00<r3.80.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-21808?
CVE-2022-21808 is a path traversal vulnerability that exists in CAMS for HIS Server contained in certain Yokogawa Electric products.
Which Yokogawa Electric products are affected by CVE-2022-21808?
The Yokogawa Electric products affected by CVE-2022-21808 are CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.80.00.
What is the severity of CVE-2022-21808?
CVE-2022-21808 has a severity rating of 8.8 (high).
How can I fix CVE-2022-21808?
To fix CVE-2022-21808, it is recommended to apply the necessary security patches or updates provided by Yokogawa Electric.
Where can I find more information about CVE-2022-21808?
More information about CVE-2022-21808 can be found at the following reference: https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/yokogawa
- canonical/yokogawa centum cs 3000 firmware
- version/yokogawa centum cs 3000 firmware/r3.08.10
- version/yokogawa centum cs 3000 firmware/r3.09.00
- canonical/yokogawa centum cs 3000
- canonical/yokogawa centum cs 3000 entry firmware
- version/yokogawa centum cs 3000 entry firmware/r3.08.10
- version/yokogawa centum cs 3000 entry firmware/r3.09.00
- canonical/yokogawa centum cs 3000 entry
- canonical/yokogawa centum vp firmware
- version/yokogawa centum vp firmware/r4.01.00
- version/yokogawa centum vp firmware/r4.03.00
- version/yokogawa centum vp firmware/r5.01.00
- version/yokogawa centum vp firmware/r5.04.20
- version/yokogawa centum vp firmware/r6.01.00
- canonical/yokogawa centum vp
- canonical/yokogawa centum vp entry firmware
- version/yokogawa centum vp entry firmware/r4.01.00
- version/yokogawa centum vp entry firmware/r4.03.00
- version/yokogawa centum vp entry firmware/r5.01.00
- version/yokogawa centum vp entry firmware/r5.04.20
- version/yokogawa centum vp entry firmware/r6.01.00
- canonical/yokogawa centum vp entry
- canonical/yokogawa exaopc
- version/yokogawa exaopc/r3.72.00