Main Vulnerability Database Vulnerabilities #VU62777

#VU62777 OS Command Injection in Yokogawa products - CVE-2022-27188

Published: May 4, 2022

Vulnerability identifier: #VU62777

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-27188

CWE-ID: CWE-78

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
CENTUM VP
B/M9000 VP
CENTUM VP Entry Class

Software vendor:
Yokogawa

Description

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A local user can tamper with files generated by the graphic builder and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://jvn.jp/vu/JVNVU99204686/index.html
https://web-material3.yokogawa.com/1/32463/files/YSAR-22-0004-E.pdf?_ga=2.143762992.424376056.1651645224-1390463896.1651645224

#VU62777 OS Command Injection in Yokogawa products - CVE-2022-27188

Description

Remediation

External links

Please verify you're human