admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

JPCERT/CC 2022-06-28-19-01

Browse Source
This commit is contained in:
Ikuya Fukumoto 2022-06-28 19:02:19 +09:00
parent ab29c43aeb
commit 5d9f76d861
No known key found for this signature in database
GPG Key ID: 603034D3468A3441
3 changed files with 159 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2022/29xxx/CVE-2022-29519.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29519",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yokogawa Electric Corporation",
"product": {
"product_data": [
{
"product_name": "STARDOM Controller",
"version": {
"version_data": [
{
"version_value": "STARDOM FCN Controller and FCJ Controller R1.01 to R4.31"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
},
{
"url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU95452299/index.html"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware."
}
]
}

56
2022/30xxx/CVE-2022-30707.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30707",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yokogawa Electric Corporation",
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Violation of Secure Design Principles"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration."
}
]
}

56
2022/30xxx/CVE-2022-30997.json
View File

@ -4,14 +4,64 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-30997",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Yokogawa Electric Corporation",
"product": {
"product_data": [
{
"product_name": "STARDOM Controller",
"version": {
"version_data": [
{
"version_value": "STARDOM FCN Controller and FCJ Controller R4.10 to R4.31"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
},
{
"url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU95452299/index.html"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware."
}
]
}