Yokogawa Centum_vp_firmware
17 CVEs affecting Yokogawa Centum_vp_firmware. Latest disclosed: 2022-06-28. Critical: 7, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-23402 | Critical | 9.8 | 2022-03-11 | The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6… |
CVE-2022-21194 | Critical | 9.8 | 2022-03-11 | The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R… |
CVE-2020-5609 | Critical | 9.8 | 2020-08-05 | Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Bas… |
CVE-2020-5608 | Critical | 9.8 | 2020-08-05 | CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R… |
CVE-2015-5628 | Critical | 9.8 | 2020-02-05 | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CE… |
CVE-2015-5627 | Critical | 9.8 | 2020-02-05 | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CE… |
CVE-2015-5626 | Critical | 9.8 | 2020-02-05 | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CE… |
CVE-2022-30707 | High | 8.8 | 2022-06-28 | Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed… |
CVE-2022-22729 | High | 8.8 | 2022-03-11 | CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via… |
CVE-2022-21808 | High | 8.8 | 2022-03-11 | Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.0… |
CVE-2022-22151 | High | 8.1 | 2022-03-11 | CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 t… |
CVE-2022-22145 | High | 8.1 | 2022-03-11 | CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from… |
CVE-2022-21177 | High | 8.1 | 2022-03-11 | There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10… |
CVE-2022-23401 | High | 7.8 | 2022-03-11 | The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01… |
CVE-2022-22148 | High | 7.8 | 2022-03-11 | 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions… |
CVE-2022-22141 | High | 7.8 | 2022-03-11 | 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTU… |
CVE-2018-16196 | High | 7.5 | 2019-01-09 | Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50)… |