CVE-2022-26034

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:yokogawa:b\/m9000_vp:*:*:*:*:*:*:*:*
cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:-:*:*:*
cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:basic:*:*:*
cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:small:*:*:*

History

21 Nov 2024, 06:53

Type Values Removed Values Added
References () https://jvn.jp/vu/JVNVU99204686/index.html - Third Party Advisory () https://jvn.jp/vu/JVNVU99204686/index.html - Third Party Advisory
References () https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ - Vendor Advisory () https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ - Vendor Advisory

22 Apr 2022, 18:45

Type Values Removed Values Added
CWE CWE-287
CPE cpe:2.3:a:yokogawa:b\/m9000_vp:*:*:*:*:*:*:*:*
cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:basic:*:*:*
cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:small:*:*:*
cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:-:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 5.8
v3 : 9.1
References (MISC) https://jvn.jp/vu/JVNVU99204686/index.html - (MISC) https://jvn.jp/vu/JVNVU99204686/index.html - Third Party Advisory
References (MISC) https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ - (MISC) https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ - Vendor Advisory

15 Apr 2022, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-15 02:15

Updated : 2024-11-21 06:53


NVD link : CVE-2022-26034

Mitre link : CVE-2022-26034

CVE.ORG link : CVE-2022-26034


JSON object : View

Products Affected

yokogawa

  • centum_vp
  • b\/m9000_vp
CWE
CWE-287

Improper Authentication