CENTUM VP products command execution | CVE-2022-27188
NAME
CENTUM VP products command execution
- Platforms Affected:
Yokogawa Electric Corporation CENTUM VP 4.01.00
Yokogawa Electric Corporation CENTUM VP Small 4.01.00
Yokogawa Electric Corporation CENTUM VP Basic 4.01.00
Yokogawa Electric Corporation CENTUM VP 4.03.00
Yokogawa Electric Corporation CENTUM VP Small 4.03.00
Yokogawa Electric Corporation CENTUM VP Basic 4.03.00
- Risk Level: 9.8
- Exploitability: Unproven
- Consequences: Gain Access
DESCRIPTION
CENTUM VP products could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input. By modifying the file generated by the Graphic Builder component, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to the Yokogawa Electric Corporation website for patch, upgrade, or suggested workaround information. See References.
- Reference Link: https://jvn.jp/vu/JVNVU99204686/index.html
- Reference Link: https://www.yokogawa.co.jp/library/resources/white-papers/yokogawa-security-advisory-report-list/