CVE-2022-22141
First published: Fri Mar 11 2022(Updated: )
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yokogawa Centum Cs 3000 Firmware | >=r3.08.10<=r3.09.00 | |
| Yokogawa CENTUM CS 3000 | ||
| Yokogawa Centum Cs 3000 Entry Firmware | >=r3.08.10<=r3.09.00 | |
| Yokogawa Centum Cs 3000 Entry | ||
| Yokogawa Centum Vp Firmware | >=r4.01.00<=r4.03.00 | |
| Yokogawa Centum Vp Firmware | >=r5.01.00<=r5.04.20 | |
| Yokogawa Centum Vp Firmware | >=r6.01.00<r6.09.00 | |
| Yokogawa Centum Vp | ||
| Yokogawa Centum Vp Entry Firmware | >=r4.01.00<=r4.03.00 | |
| Yokogawa Centum Vp Entry Firmware | >=r5.01.00<=r5.04.20 | |
| Yokogawa Centum Vp Entry Firmware | >=r6.01.00<r6.09.00 | |
| Yokogawa Centum Vp Entry | ||
| Yokogawa Exaopc | >=r3.72.00<r3.80.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-22141?
CVE-2022-22141 is a vulnerability in Yokogawa Electric products that affects the 'Long-term Data Archive Package' service.
Which Yokogawa Electric products are affected by CVE-2022-22141?
CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.09.00 are affected by CVE-2022-22141.
What is the severity of CVE-2022-22141?
CVE-2022-22141 has a severity rating of 7.8 (high).
How can I fix CVE-2022-22141?
To fix CVE-2022-22141, users should apply the necessary patches or updates provided by Yokogawa Electric.
Where can I find more information about CVE-2022-22141?
You can find more information about CVE-2022-22141 in the Yokogawa Electric advisory document: https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/yokogawa
- canonical/yokogawa centum cs 3000 firmware
- version/yokogawa centum cs 3000 firmware/r3.08.10
- version/yokogawa centum cs 3000 firmware/r3.09.00
- canonical/yokogawa centum cs 3000
- canonical/yokogawa centum cs 3000 entry firmware
- version/yokogawa centum cs 3000 entry firmware/r3.08.10
- version/yokogawa centum cs 3000 entry firmware/r3.09.00
- canonical/yokogawa centum cs 3000 entry
- canonical/yokogawa centum vp firmware
- version/yokogawa centum vp firmware/r4.01.00
- version/yokogawa centum vp firmware/r4.03.00
- version/yokogawa centum vp firmware/r5.01.00
- version/yokogawa centum vp firmware/r5.04.20
- version/yokogawa centum vp firmware/r6.01.00
- canonical/yokogawa centum vp
- canonical/yokogawa centum vp entry firmware
- version/yokogawa centum vp entry firmware/r4.01.00
- version/yokogawa centum vp entry firmware/r4.03.00
- version/yokogawa centum vp entry firmware/r5.01.00
- version/yokogawa centum vp entry firmware/r5.04.20
- version/yokogawa centum vp entry firmware/r6.01.00
- canonical/yokogawa centum vp entry
- canonical/yokogawa exaopc
- version/yokogawa exaopc/r3.72.00