Vulnerabilities > Yokogawa > Exaopc > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-11 | CVE-2022-21177 | Path Traversal vulnerability in Yokogawa products There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | 4.9 |
2022-03-11 | CVE-2022-21194 | Use of Hard-coded Credentials vulnerability in Yokogawa products The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. | 6.8 |
2022-03-11 | CVE-2022-21808 | Path Traversal vulnerability in Yokogawa products Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | 6.0 |
2022-03-11 | CVE-2022-22141 | Improper Privilege Management vulnerability in Yokogawa products 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. | 4.4 |
2022-03-11 | CVE-2022-22145 | Resource Exhaustion vulnerability in Yokogawa products CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. | 4.9 |
2022-03-11 | CVE-2022-22148 | Incorrect Permission Assignment for Critical Resource vulnerability in Yokogawa products 'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. | 6.9 |
2022-03-11 | CVE-2022-22151 | Improper Encoding or Escaping of Output vulnerability in Yokogawa products CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | 4.9 |
2022-03-11 | CVE-2022-22729 | Improper Authentication vulnerability in Yokogawa products CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. | 6.0 |
2019-12-26 | CVE-2019-6008 | Unquoted Search Path or Element vulnerability in Yokogawa products An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. | 6.8 |
2019-01-09 | CVE-2018-16196 | Improper Input Validation vulnerability in Yokogawa products Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors. | 5.0 |