#VU61676 Path traversal in Yokogawa products - CVE-2022-21808
Published: March 29, 2022
Vulnerability identifier: #VU61676
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-21808
CWE-ID: CWE-22
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
CENTUM VP
CENTUM CS 3000
Exaopc
CENTUM CS 3000 Entry Class
CENTUM VP Entry Class
CENTUM VP
CENTUM CS 3000
Exaopc
CENTUM CS 3000 Entry Class
CENTUM VP Entry Class
Software vendor:
Yokogawa
Yokogawa
Description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker on the local network can send a specially crafted packet to a CAMS for HIS server and read and write arbitrary files on the system.
Remediation
Install updates from vendor's website.