CVE-2022-21808

moderate-risk
Published 2022-03-11

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

Do I need to act?

-
0.74% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (5)

Centum Cs 3000 Firmware
Centum Cs 3000 Entry Firmware
Centum Vp Firmware
Centum Vp Entry Firmware
Exaopc

Affected Vendors

Yokogawa

References (2)

Vendor Advisory https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf
Vendor Advisory https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf
45
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 3/34 · Minimal
Exposure 12/34 · Low