CVE-2022-23402

9.8 CRITICAL

📋 TL;DR

This vulnerability involves hard-coded credentials in Yokogawa Electric's CENTUM VP and Exaopc products, allowing attackers to gain unauthorized access to CAMS server applications. Affected organizations include industrial control system operators using these specific versions.

💻 Affected Systems

Products:
  • CENTUM VP
  • Exaopc
Versions: CENTUM VP: R5.01.00 to R5.04.20 and R6.01.00 to R6.08.00; Exaopc: R3.72.00 to R3.79.00
Operating Systems: Windows-based industrial control systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects CAMS server applications within these products; requires network access to vulnerable components

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of industrial control systems leading to operational disruption, safety hazards, or data exfiltration

🟠 Likely Case: Unauthorized access to control systems allowing configuration changes, data theft, or denial of service

🟢 If Mitigated: Limited impact if systems are air-gapped and access controls are properly implemented

🌐 Internet-Facing: HIGH if systems are exposed to internet, as hard-coded credentials are easily discoverable
🏢 Internal Only: MEDIUM to HIGH depending on network segmentation and internal threat actors

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires knowledge of the hard-coded credentials but no other authentication; it is trivial for attackers with network access

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: CENTUM VP: R5.04.30 or later, R6.08.10 or later; Exaopc: R3.79.10 or later

Vendor Advisory: https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

Restart Required: Yes

Instructions:

1. Download patches from Yokogawa support portal.
2. Apply patches following vendor documentation.
3. Restart affected systems.
4. Change all passwords after patching.

🔧 Temporary Workarounds

  • Network segmentation (all): Isolate affected systems from untrusted networks
  • Access control lists (all): Restrict network access to CAMS servers using firewalls

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to vulnerable systems
  • Monitor for unauthorized access attempts and implement multi-factor authentication where possible

🔍 How to Verify

Check if Vulnerable:

Check product version against affected ranges; review system configuration for hard-coded credentials

Check Version:

Check via product management interface or vendor documentation

Verify Fix Applied:

Verify installed version is patched; test authentication with changed credentials
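
The version check described above can be scripted against an asset inventory. The following is an added example, not Yokogawa tooling or code from the advisory: it uses only the affected ranges and patch versions listed on this page, the hostnames and inventory are constructed, and the "unknown" result for revisions that fall between an affected range and its patch version is an assumption of this example.

```python
import re

# Affected ranges and patch versions copied from this page: (first, last, fixed).
RANGES = {
    "CENTUM VP": [("R5.01.00", "R5.04.20", "R5.04.30"),
                  ("R6.01.00", "R6.08.00", "R6.08.10")],
    "Exaopc": [("R3.72.00", "R3.79.00", "R3.79.10")],
}
_REV = re.compile(r"^R(\d+)\.(\d+)\.(\d+)$")

def parse_version(text):
    """Turn 'R5.04.20' into (5, 4, 20); raise ValueError on anything else."""
    m = _REV.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised revision string: {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(product, version):
    """Return 'affected', 'fixed', 'unknown' or 'not-listed' for one install."""
    if product not in RANGES:
        return "not-listed"
    v = parse_version(version)
    for first, last, fixed in RANGES[product]:
        lo, hi, fx = (parse_version(s) for s in (first, last, fixed))
        if lo <= v <= hi:
            return "affected"
        # Assumption: "or later" is read within the same major revision line,
        # so R6.01.00 is never mistaken for "later than R5.04.30".
        if v[0] == fx[0] and v >= fx:
            return "fixed"
        if hi < v < fx:
            return "unknown"  # the page lists this revision as neither affected nor fixed
    return "not-listed"

# Constructed sample inventory: (hostname, product, installed revision).
INVENTORY = [
    ("hist-01", "CENTUM VP", "R6.07.10"),
    ("hist-02", "CENTUM VP", "R5.04.25"),
    ("opc-01", "Exaopc", "R3.79.10"),
    ("eng-01", "CENTUM VP", "R4.03.00"),
]

def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(product, rev) for host, product, rev in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as "unknown" or "not-listed" should be checked against the vendor advisory rather than assumed safe.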

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts, unexpected login events, configuration changes

Network Indicators:

  • Unauthorized access to CAMS server ports, unusual traffic patterns

SIEM Query:

source="industrial_control" AND (event_type="authentication" OR event_type="configuration_change")
