CVE-2022-26034 Information
Jun 07, 2022
cve
Description
Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00 CENTUM VP Small R6.01.10 to R6.09.00 CENTUM VP Basic R6.01.10 to R6.09.00 and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Reference
https://jvn.jp/vu/JVNVU99204686/index.html https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
NONE
Base Severity
9.1
Share on: