CVE-2022-33939

Published Aug 16, 2022

Last updated a year ago

CVSS high 7.5

Overview

Description: CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_cp401:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E8511463-A9DC-477B-882F-1744C84A84B9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_cp401_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63BC221D-5F4B-40DE-932E-A411B92B99DA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_cp451:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "07C79653-8637-48BC-BAE8-65EA4AF2BC24"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_cp451_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB0CF365-F2FB-4161-B6CA-4B96A9C49E9F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_cp33:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43CEE4DB-B0E6-4601-8928-118CB2090835"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_cp33_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D016D13-384F-44BF-BCE9-3877CB5578E3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_cp345:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0F43D403-E27E-4577-A706-610CCB524470"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_cp345_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BF734C4-21B3-4C37-9386-22FEE9B95839"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_cp31:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "13E46D17-1D1F-4E5C-9598-AD7704984D2B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_cp31_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DAC76A7-195B-41BA-8AAB-7367B107F42B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:centum_vp_3000_cp401:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EC4DA9A9-5049-428E-BCFC-ADF44F1F4343"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_vp_3000_cp401_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5911D80-4209-451B-AD55-98FDD11DFEB9",
            "versionEndIncluding": "r4.03.00",
            "versionStartIncluding": "r4.01.00"
          },
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_vp_3000_cp401_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "618C10CD-59CE-4F7C-A772-B637881C0A76",
            "versionEndExcluding": "r5.04.78",
            "versionStartIncluding": "r5.01.00"
          },
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_vp_3000_cp401_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9069454-D559-4480-ABDD-EAD86FF627D6",
            "versionEndExcluding": "r6.03.10",
            "versionStartIncluding": "r6.01.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:centum_vp_3000_cp451:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "512E272E-29BE-48F0-A49E-AC870706010A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_vp_3000_cp451_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BA79528-86D3-49B8-AF88-D6158F8A6BB2",
            "versionEndIncluding": "r4.03.00",
            "versionStartIncluding": "r4.01.00"
          },
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_vp_3000_cp451_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "617524B6-A350-42B1-8727-6DAEBE24EE1C",
            "versionEndExcluding": "r5.04.78",
            "versionStartIncluding": "r5.01.00"
          },
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_vp_3000_cp451_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C90D42A8-0A32-46F1-A76D-505ADC636AFC",
            "versionEndExcluding": "r6.03.10",
            "versionStartIncluding": "r6.01.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References