#VU62778 Improper Authentication in Yokogawa products - CVE-2022-26034

Cybersecurity Help s.r.o.

Published: 2022-05-04

Vulnerability identifier: #VU62778

Vulnerability risk: Low

CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-26034

CWE-ID: CWE-287

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
CENTUM VP
Web applications / Remote management & hosting panels
CENTUM VP Entry Class
Hardware solutions / Firmware
ProSafe-RS
Hardware solutions / Firmware

Vendor: Yokogawa

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper authentication of the communication protocol provided by the Automation Design (AD) server. A remote attacker on the local network can leakage or tampering of data managed by the AD server.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

CENTUM VP: R6.01.10 - R6.09.00

CENTUM VP Entry Class: R6.01.10 - R6.09.00

ProSafe-RS: R4.01.00 - R4.07.00

External links
http://jvn.jp/vu/JVNVU99204686/index.html
http://web-material3.yokogawa.com/1/32463/files/YSAR-22-0004-E.pdf?_ga=2.143762992.424376056.1651645224-1390463896.1651645224

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper Authentication in Yokogawa CENTUM and ProSafe-RS