#VU61678 Improper Output Neutralization for Logs in Yokogawa products - CVE-2022-22151
Published: March 29, 2022
Vulnerability identifier: #VU61678
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-22151
CWE-ID: CWE-117
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
CENTUM VP
CENTUM CS 3000
Exaopc
CENTUM CS 3000 Entry Class
CENTUM VP Entry Class
Software vendor:
Yokogawa
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the CAMS for HIS Log Server fails to properly neutralize log output. A remote user can cause a denial of service condition on the target system.
Remediation
Install updates from the vendor's website.