CVE-2022-22148
First published: Fri Mar 11 2022(Updated: )
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yokogawa Centum Cs 3000 Firmware | >=r3.08.10<=r3.09.00 | |
| Yokogawa CENTUM CS 3000 | ||
| Yokogawa Centum Cs 3000 Entry Firmware | >=r3.08.10<=r3.09.00 | |
| Yokogawa Centum Cs 3000 Entry | ||
| Yokogawa Centum Vp Firmware | >=r4.01.00<=r4.03.00 | |
| Yokogawa Centum Vp Firmware | >=r5.01.00<=r5.04.20 | |
| Yokogawa Centum Vp Firmware | >=r6.01.00<r6.09.00 | |
| Yokogawa Centum Vp | ||
| Yokogawa Centum Vp Entry Firmware | >=r4.01.00<=r4.03.00 | |
| Yokogawa Centum Vp Entry Firmware | >=r5.01.00<=r5.04.20 | |
| Yokogawa Centum Vp Entry Firmware | >=r6.01.00<r6.09.00 | |
| Yokogawa Centum Vp Entry | ||
| Yokogawa Exaopc | >=r3.72.00<r3.80.00 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-22148?
'CVE-2022-22148' refers to a vulnerability in the 'Root Service' service implemented in Yokogawa Electric products.
Which Yokogawa Electric products are affected by CVE-2022-22148?
The Yokogawa Centum CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.80.00 are affected by CVE-2022-22148.
What is the severity of CVE-2022-22148?
CVE-2022-22148 has a severity score of 7.8, which is classified as high.
How does CVE-2022-22148 affect the named pipe ACL configuration?
CVE-2022-22148 in the Yokogawa Electric products creates some named pipe with improper ACL configuration.
How can I fix CVE-2022-22148?
To fix CVE-2022-22148, please refer to the official Yokogawa Electric advisory at the provided reference.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/yokogawa
- canonical/yokogawa centum cs 3000 firmware
- version/yokogawa centum cs 3000 firmware/r3.08.10
- version/yokogawa centum cs 3000 firmware/r3.09.00
- canonical/yokogawa centum cs 3000
- canonical/yokogawa centum cs 3000 entry firmware
- version/yokogawa centum cs 3000 entry firmware/r3.08.10
- version/yokogawa centum cs 3000 entry firmware/r3.09.00
- canonical/yokogawa centum cs 3000 entry
- canonical/yokogawa centum vp firmware
- version/yokogawa centum vp firmware/r4.01.00
- version/yokogawa centum vp firmware/r4.03.00
- version/yokogawa centum vp firmware/r5.01.00
- version/yokogawa centum vp firmware/r5.04.20
- version/yokogawa centum vp firmware/r6.01.00
- canonical/yokogawa centum vp
- canonical/yokogawa centum vp entry firmware
- version/yokogawa centum vp entry firmware/r4.01.00
- version/yokogawa centum vp entry firmware/r4.03.00
- version/yokogawa centum vp entry firmware/r5.01.00
- version/yokogawa centum vp entry firmware/r5.04.20
- version/yokogawa centum vp entry firmware/r6.01.00
- canonical/yokogawa centum vp entry
- canonical/yokogawa exaopc
- version/yokogawa exaopc/r3.72.00