Details of VAR-202208-0172

ID

VAR-202208-0172

CVE

CVE-2022-33939

TITLE

CENTUM controller FCS Inadequate processing of communication packets in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002160

DESCRIPTION

CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product. This vulnerability information is provided by the developer for the purpose of dissemination to product users

Trust: 1.62

sources: NVD: CVE-2022-33939 // JVNDB: JVNDB-2022-002160

AFFECTED PRODUCTS

vendor:	yokogawa	model:	centum vp 3000 cp401	scope:	gte	version:	r4.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp 3000 cp451	scope:	gte	version:	r5.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp 3000 cp401	scope:	lt	version:	r6.03.10	Trust: 1.0
vendor:	yokogawa	model:	centum vp 3000 cp451	scope:	lte	version:	r4.03.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp 3000 cp451	scope:	gte	version:	r4.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 cp401	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 cp451	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	centum vp 3000 cp451	scope:	lt	version:	r5.04.78	Trust: 1.0
vendor:	yokogawa	model:	centum vp 3000 cp451	scope:	lt	version:	r6.03.10	Trust: 1.0
vendor:	yokogawa	model:	centum vp 3000 cp401	scope:	lte	version:	r4.03.00	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 cp345	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 cp31	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	centum vp 3000 cp401	scope:	gte	version:	r6.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp 3000 cp401	scope:	lt	version:	r5.04.78	Trust: 1.0
vendor:	yokogawa	model:	centum vp 3000 cp451	scope:	gte	version:	r6.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp 3000 cp401	scope:	gte	version:	r5.01.00	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 cp33	scope:	eq	version:	-	Trust: 1.0
vendor:	横河電機株式会社	model:	centum cs 3000	scope:	-	version:	-	Trust: 0.8
vendor:	横河電機株式会社	model:	centum vp	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-002160 // NVD: CVE-2022-33939

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-33939
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2022-002160
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202208-3132
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-33939
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2022-002160
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-002160 // CNNVD: CNNVD-202208-3132 // NVD: CVE-2022-33939

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002160 // NVD: CVE-2022-33939

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-3132

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202208-3132

PATCH

title:	YSAR-22-0008	url:	https://www.yokogawa.co.jp/library/resources/white-papers/yokogawa-security-advisory-report-list/	Trust: 0.8
title:	Yokogawa Electric CENTUM VP / CS 3000 controller FCS Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204790	Trust: 0.6

sources: JVNDB: JVNDB-2022-002160 // CNNVD: CNNVD-202208-3132

EXTERNAL IDS

db:	NVD	id:	CVE-2022-33939	Trust: 3.2
db:	JVN	id:	JVNVU94343729	Trust: 2.4
db:	ICS CERT	id:	ICSA-22-228-01	Trust: 1.4
db:	JVNDB	id:	JVNDB-2022-002160	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.4071	Trust: 0.6
db:	CNNVD	id:	CNNVD-202208-3132	Trust: 0.6

sources: JVNDB: JVNDB-2022-002160 // CNNVD: CNNVD-202208-3132 // NVD: CVE-2022-33939

REFERENCES

url:	https://jvn.jp/vu/jvnvu94343729/index.html	Trust: 2.4
url:	https://web-material3.yokogawa.com/1/33029/files/ysar-22-0008-e.pdf	Trust: 1.6
url:	https://web-material3.yokogawa.com/19/33029/files/ysar-22-0008-j.pdf	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-33939	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-01	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2022.4071	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-228-01	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-33939/	Trust: 0.6

sources: JVNDB: JVNDB-2022-002160 // CNNVD: CNNVD-202208-3132 // NVD: CVE-2022-33939

CREDITS

Noriko Takahashi of JPCERT/CC reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202208-3132

SOURCES

db:	JVNDB	id:	JVNDB-2022-002160
db:	CNNVD	id:	CNNVD-202208-3132
db:	NVD	id:	CVE-2022-33939

LAST UPDATE DATE

2024-08-14T14:43:49.360000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-002160	date:	2024-06-14T03:32:00
db:	CNNVD	id:	CNNVD-202208-3132	date:	2022-08-18T00:00:00
db:	NVD	id:	CVE-2022-33939	date:	2023-08-08T14:22:24.967

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-002160	date:	2022-08-02T00:00:00
db:	CNNVD	id:	CNNVD-202208-3132	date:	2022-08-16T00:00:00
db:	NVD	id:	CVE-2022-33939	date:	2022-08-16T08:15:07.477