CVE Tools
Sign in

CVE-2022-30707

Published: Jun 28, 2022Updated: Nov 21, 2024 Sources: CVE List NVD BDU csafNVD-CWE-Other
NVD MITRE
8.8CVSSHIGH
EPSS Score
0.6%
Top 58.2%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration.

CVSS Vector Breakdown

AV:AAC:LPR:NUI:NS:UC:HI:HA:H
Exploitability
AV:AAttack Vector
Adjacent
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

NVD-CWE-Other

Affected Products

centum cs 3000 firmwareyokogawaICS / OT / IoT
centum cs 3000 entry class firmwareyokogawaICS / OT / IoT
centum vp firmwareyokogawaICS / OT / IoT
centum vp entry class firmwareyokogawaICS / OT / IoT
exaopcyokogawaICS / OT / IoT
yokogawacommercialJPICS / OT / IoTaka yokogawa electric corporation
and 8 more affected products View all →

Exploitability

Official Patch Available

References

https://jvn.jp/vu/JVNVU92819891/index.html
jvn.jp
https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf
web-material3.yokogawa.com
https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf
web-material3.yokogawa.com
and 7 more references View all →

Timeline

Published
Jun 28, 2022
Last Updated
Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2022-30707 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows