OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder.
References
| Link | Resource |
|---|---|
| https://jvn.jp/vu/JVNVU99204686/index.html | Third Party Advisory |
| https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Apr 2022, 12:44
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-78 | |
| CVSS |
v2 : v3 : |
v2 : 4.4
v3 : 7.8 |
| References | (MISC) https://jvn.jp/vu/JVNVU99204686/index.html - Third Party Advisory | |
| References | (MISC) https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ - Vendor Advisory | |
| CPE | cpe:2.3:a:yokogawa:b\/m9000_vp:*:*:*:*:*:*:*:* cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:basic:*:*:* cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:small:*:*:* cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:-:*:*:* |
15 Apr 2022, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-04-15 02:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-27188
Mitre link : CVE-2022-27188
CVE.ORG link : CVE-2022-27188
JSON object : View
Products Affected
yokogawa
- b\/m9000_vp
- centum_vp
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')