Improper Privilege Management in Yokogawa products - CVE-2022-22141
Published: March 29, 2022
Vulnerability identifier: #VU61683
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-22141
CWE-ID: CWE-269
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Yokogawa
Affected software:
CENTUM VP
CENTUM CS 3000
Exaopc
CENTUM CS 3000 Entry Class
CENTUM VP Entry Class
CENTUM VP
CENTUM CS 3000
Exaopc
CENTUM CS 3000 Entry Class
CENTUM VP Entry Class
Detailed vulnerability description
The vulnerability allows a local attacker to escalate privileges.
The vulnerability exists due to inappropriate access privilege vulnerability in Long-term Data Archive Package. A local attacker can utilize a named pipe with inappropriate access privileges to delete arbitrary files.
How to mitigate CVE-2022-22141
Install updates from vendor's website.