high
8.8
Advisory Published
Updated

CVE-2022-30707

First published: Tue Jun 28 2022(Updated: )

Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration.

Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp

Affected SoftwareAffected VersionHow to fix
Yokogawa Centum Cs 3000 Firmware>=r3.08.10<=r3.09.00
Yokogawa CENTUM CS 3000
Yokogawa Centum Cs 3000 Entry Class Firmware>=r3.08.10<=r3.09.00
Yokogawa Centum Cs 3000 Entry Class
Yokogawa Centum Vp Firmware>=r4.01.00<=r4.03.00
Yokogawa Centum Vp Firmware>=r5.01.00<=r5.04.20
Yokogawa Centum Vp Firmware>=r6.01.00<=r6.09.00
Yokogawa Centum Vp
Yokogawa Centum Vp Entry Class Firmware>=r4.01.00<=r4.03.00
Yokogawa Centum Vp Entry Class Firmware>=r5.01.00<=r5.04.20
Yokogawa Centum Vp Entry Class Firmware>=r6.01.00<=r6.09.00
Yokogawa Centum Vp Entry Class
Yokogawa Exaopc>=r3.72.00<=r3.80.00
Yokogawa B\/m9000 Vp>=r6.01.01<=r8.03.01
Yokogawa B\/m9000cs>=r5.04.01<=r5.05.01

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2022-30707?

    CVE-2022-30707 is a vulnerability that involves the violation of secure design principles in the communication of CAMS for Yokogawa's CENTUM series products.

  • Which Yokogawa products are affected by CVE-2022-30707?

    The affected products are CENTUM CS 3000 and CENTUM VP series, with specific firmware or software versions installed.

  • What is the severity of CVE-2022-30707?

    CVE-2022-30707 has a severity rating of 8.8 (high).

  • How do I fix CVE-2022-30707?

    To fix CVE-2022-30707, it is recommended to apply the necessary patches or updates provided by Yokogawa.

  • Where can I find more information about CVE-2022-30707?

    You can find more information about CVE-2022-30707 on the official JVN and Yokogawa websites.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203