Vulnerability Details : CVE-2022-22145
CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Products affected by CVE-2022-22145
- cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*
- Yokogawa » Centum Cs 3000 FirmwareVersions from including (>=) r3.08.10 and up to, including, (<=) r3.09.00cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*
- Yokogawa » Centum Cs 3000 Entry FirmwareVersions from including (>=) r3.08.10 and up to, including, (<=) r3.09.00cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*
- Yokogawa » Centum Vp FirmwareVersions from including (>=) r4.01.00 and up to, including, (<=) r4.03.00cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*
- Yokogawa » Centum Vp FirmwareVersions from including (>=) r5.01.00 and up to, including, (<=) r5.04.20cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*
- Yokogawa » Centum Vp Entry FirmwareVersions from including (>=) r4.01.00 and up to, including, (<=) r4.03.00cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*
- Yokogawa » Centum Vp Entry FirmwareVersions from including (>=) r5.01.00 and up to, including, (<=) r5.04.20cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-22145
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-22145
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:N/AC:M/Au:S/C:N/I:P/A:P |
6.8
|
4.9
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
2.8
|
5.2
|
NIST |
CWE ids for CVE-2022-22145
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by:
- nvd@nist.gov (Primary)
- vultures@jpcert.or.jp (Secondary)
References for CVE-2022-22145
-
https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf
Mitigation;Vendor Advisory
Jump to