CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2022-26034

CVSS 9.1v3.1pub. 2022-04-15upd. 2024-11-21

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Yokogawa B\/m9000 Vp

    APP
    Yokogawa
    r8.01.01 – r8.03.01
  • Yokogawa Centum Vp

    APP
    Yokogawa
    r6.01.10 – r6.09.00r6.01.10 – r06.09.00
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2022-21194CRITICAL9.8ten sam produkt

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the...

CVE-2022-23402CRITICAL9.8ten sam produkt

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versio...

CVE-2020-5608CRITICAL9.8ten sam produkt

CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM V...

CVE-2020-5609CRITICAL9.8ten sam produkt

Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R...

CVE-2015-5627CRITICAL9.8ten sam produkt

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earli...