Path traversal in Yokogawa products - CVE-2022-21177
Published: March 29, 2022
Vulnerability identifier: #VU61679
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-21177
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
CENTUM VP
CENTUM CS 3000
Exaopc
CENTUM CS 3000 Entry Class
CENTUM VP Entry Class
Software vendor:
Yokogawa
Description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in CAMS for HIS Log Server. A remote user can send a specially crafted HTTP request and create or overwrite arbitrary files on the system.
Remediation
Install updates from the vendor's website.