Vulnerabilites related to yokogawa - fcn-rtu_firmware
Vulnerability from fkie_nvd
Published
2018-10-12 14:29
Modified
2024-11-21 03:55
Severity ?
Summary
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | fcj_firmware | * | |
| yokogawa | fcj | - | |
| yokogawa | fcn-100_firmware | * | |
| yokogawa | fcn-100 | - | |
| yokogawa | fcn-rtu_firmware | * | |
| yokogawa | fcn-rtu | - | |
| yokogawa | fcn-500_firmware | * | |
| yokogawa | fcn-500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8D4A48-1191-4E3E-9FBF-283F74A2DAF0",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69DBB88-A5E6-42BA-A7C1-2ADA8CF5349C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D532D5-B79A-445E-8201-0B83847AB408",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB180CFC-1A4F-4DE9-8A3A-A6F50DDDC892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBF679A-7825-408A-B336-A0CAE5996FA0",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E636BC2D-506C-4D8D-BD8B-D02776AD3890",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50B80091-CCE3-4303-A0CE-730719AC9178",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "500FFA96-0861-4EBC-8768-68A4D4C6ECB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
},
{
"lang": "es",
"value": "En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, los controladores afectados emplean credenciales embebidas que podr\u00edan permitir que un atacante obtenga acceso no autorizado a las funciones de mantenimiento y obtenga o modifique informaci\u00f3n. El ataque solo se puede ejecutar durante los trabajos de mantenimiento."
}
],
"id": "CVE-2018-17896",
"lastModified": "2024-11-21T03:55:09.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-12T14:29:00.847",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-12 14:29
Modified
2024-11-21 03:55
Severity ?
Summary
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | fcj_firmware | * | |
| yokogawa | fcj | - | |
| yokogawa | fcn-100_firmware | * | |
| yokogawa | fcn-100 | - | |
| yokogawa | fcn-rtu_firmware | * | |
| yokogawa | fcn-rtu | - | |
| yokogawa | fcn-500_firmware | * | |
| yokogawa | fcn-500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8D4A48-1191-4E3E-9FBF-283F74A2DAF0",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69DBB88-A5E6-42BA-A7C1-2ADA8CF5349C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D532D5-B79A-445E-8201-0B83847AB408",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB180CFC-1A4F-4DE9-8A3A-A6F50DDDC892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBF679A-7825-408A-B336-A0CAE5996FA0",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E636BC2D-506C-4D8D-BD8B-D02776AD3890",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50B80091-CCE3-4303-A0CE-730719AC9178",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "500FFA96-0861-4EBC-8768-68A4D4C6ECB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers."
},
{
"lang": "es",
"value": "En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, la aplicaci\u00f3n web protege incorrectamente las credenciales, lo que podr\u00eda permitir que un atacante obtenga credenciales para acceder remotamente a los controladores."
}
],
"id": "CVE-2018-17900",
"lastModified": "2024-11-21T03:55:10.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-12T14:29:01.207",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-31 17:29
Modified
2024-11-21 03:41
Severity ?
Summary
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/104376 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104376 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | fcj_firmware | * | |
| yokogawa | fcj | - | |
| yokogawa | fcn-100_firmware | * | |
| yokogawa | fcn-100 | - | |
| yokogawa | fcn-rtu_firmware | * | |
| yokogawa | fcn-rtu | - | |
| yokogawa | fcn-500_firmware | * | |
| yokogawa | fcn-500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AFEF0D4A-1FAD-4935-BB42-2120EEEEA205",
"versionEndIncluding": "r4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69DBB88-A5E6-42BA-A7C1-2ADA8CF5349C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA797459-D1AD-4BD6-9F9B-EECFC2548E31",
"versionEndIncluding": "r4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB180CFC-1A4F-4DE9-8A3A-A6F50DDDC892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "301CCAA4-3B78-4074-887F-BD9571FB0171",
"versionEndIncluding": "r4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E636BC2D-506C-4D8D-BD8B-D02776AD3890",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB434F5-A970-497E-B5B2-207B9FC6AAAE",
"versionEndIncluding": "r4.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "500FFA96-0861-4EBC-8768-68A4D4C6ECB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution."
},
{
"lang": "es",
"value": "Los controladores Yokogawa STARDOM FCJ R4.02 y anteriores, FCN-100 R4.02 y anteriores, FCN-RTU R4.02 y anteriores y FCN-500 y anteriores R4.02 emplean credenciales embebidas que podr\u00edan permitir que un atacante obtenga acceso administrativo no autorizado al dispositivo, lo que podr\u00eda resultar en la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2018-10592",
"lastModified": "2024-11-21T03:41:37.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-31T17:29:00.233",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104376"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-12 14:29
Modified
2024-11-21 03:55
Severity ?
Summary
Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | fcj_firmware | * | |
| yokogawa | fcj | - | |
| yokogawa | fcn-100_firmware | * | |
| yokogawa | fcn-100 | - | |
| yokogawa | fcn-rtu_firmware | * | |
| yokogawa | fcn-rtu | - | |
| yokogawa | fcn-500_firmware | * | |
| yokogawa | fcn-500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8D4A48-1191-4E3E-9FBF-283F74A2DAF0",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69DBB88-A5E6-42BA-A7C1-2ADA8CF5349C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D532D5-B79A-445E-8201-0B83847AB408",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB180CFC-1A4F-4DE9-8A3A-A6F50DDDC892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBF679A-7825-408A-B336-A0CAE5996FA0",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E636BC2D-506C-4D8D-BD8B-D02776AD3890",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50B80091-CCE3-4303-A0CE-730719AC9178",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "500FFA96-0861-4EBC-8768-68A4D4C6ECB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable."
},
{
"lang": "es",
"value": "En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, la aplicaci\u00f3n del controlador no evita el agotamiento de memoria debido a peticiones no autorizadas. Esto podr\u00eda permitir que el atacante provoque que el controlador se vuelva inestable."
}
],
"id": "CVE-2018-17898",
"lastModified": "2024-11-21T03:55:09.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-12T14:29:01.033",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-12 14:29
Modified
2024-11-21 03:55
Severity ?
Summary
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | fcj_firmware | * | |
| yokogawa | fcj | - | |
| yokogawa | fcn-100_firmware | * | |
| yokogawa | fcn-100 | - | |
| yokogawa | fcn-rtu_firmware | * | |
| yokogawa | fcn-rtu | - | |
| yokogawa | fcn-500_firmware | * | |
| yokogawa | fcn-500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8D4A48-1191-4E3E-9FBF-283F74A2DAF0",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69DBB88-A5E6-42BA-A7C1-2ADA8CF5349C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96D532D5-B79A-445E-8201-0B83847AB408",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB180CFC-1A4F-4DE9-8A3A-A6F50DDDC892",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBF679A-7825-408A-B336-A0CAE5996FA0",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E636BC2D-506C-4D8D-BD8B-D02776AD3890",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50B80091-CCE3-4303-A0CE-730719AC9178",
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "500FFA96-0861-4EBC-8768-68A4D4C6ECB3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
},
{
"lang": "es",
"value": "En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, la aplicaci\u00f3n emplea m\u00faltiples m\u00e9todos de gesti\u00f3n de sesiones, lo que podr\u00eda resultar en una denegaci\u00f3n de servicio (DoS) de las funciones de gesti\u00f3n remota."
}
],
"id": "CVE-2018-17902",
"lastModified": "2024-11-21T03:55:10.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-12T14:29:01.423",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-10592 (GCVE-0-2018-10592)
Vulnerability from cvelistv5
Published
2018-07-31 17:00
Modified
2024-09-16 17:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - USE OF HARD-CODED CREDENTIALS
Summary
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Yokogawa | STARDOM FCJ Controllers |
Version: R4.02 and prior |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf"
},
{
"name": "104376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104376"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "STARDOM FCJ Controllers",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.02 and prior"
}
]
},
{
"product": "STARDOM FCN-100 Controllers",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.02 and prior"
}
]
},
{
"product": "STARDOM FCN-RTU Controllers",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.02 and prior"
}
]
},
{
"product": "STARDOM FCN-500 Controllers",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.02 and prior"
}
]
}
],
"datePublic": "2018-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "USE OF HARD-CODED CREDENTIALS CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-01T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf"
},
{
"name": "104376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104376"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2018-10592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "STARDOM FCJ Controllers",
"version": {
"version_data": [
{
"version_value": "R4.02 and prior"
}
]
}
},
{
"product_name": "STARDOM FCN-100 Controllers",
"version": {
"version_data": [
{
"version_value": "R4.02 and prior"
}
]
}
},
{
"product_name": "STARDOM FCN-RTU Controllers",
"version": {
"version_data": [
{
"version_value": "R4.02 and prior"
}
]
}
},
{
"product_name": "STARDOM FCN-500 Controllers",
"version": {
"version_data": [
{
"version_value": "R4.02 and prior"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf"
},
{
"name": "104376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104376"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10592",
"datePublished": "2018-07-31T17:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T17:38:31.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17900 (GCVE-0-2018-17900)
Vulnerability from cvelistv5
Published
2018-10-12 14:00
Modified
2024-09-16 19:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - INSUFFICIENTLY PROTECTED CREDENTIALS
Summary
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa | STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 |
Version: All versions R4.10 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "All versions R4.10 and prior"
}
]
}
],
"datePublic": "2018-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T13:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-28T00:00:00",
"ID": "CVE-2018-17900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
"version": {
"version_data": [
{
"version_value": "All versions R4.10 and prior"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17900",
"datePublished": "2018-10-12T14:00:00Z",
"dateReserved": "2018-10-02T00:00:00",
"dateUpdated": "2024-09-16T19:37:05.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17896 (GCVE-0-2018-17896)
Vulnerability from cvelistv5
Published
2018-10-12 14:00
Modified
2024-09-17 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - USE OF HARD-CODED CREDENTIALS
Summary
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa | STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 |
Version: All versions prior to version X.X |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "All versions prior to version X.X"
}
]
}
],
"datePublic": "2018-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "USE OF HARD-CODED CREDENTIALS CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T13:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-28T00:00:00",
"ID": "CVE-2018-17896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
"version": {
"version_data": [
{
"version_value": "All versions prior to version X.X"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17896",
"datePublished": "2018-10-12T14:00:00Z",
"dateReserved": "2018-10-02T00:00:00",
"dateUpdated": "2024-09-17T00:26:50.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17898 (GCVE-0-2018-17898)
Vulnerability from cvelistv5
Published
2018-10-12 14:00
Modified
2024-09-17 01:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION')
Summary
Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa | STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 |
Version: All versions R4.10 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "All versions R4.10 and prior"
}
]
}
],
"datePublic": "2018-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T13:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-28T00:00:00",
"ID": "CVE-2018-17898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
"version": {
"version_data": [
{
"version_value": "All versions R4.10 and prior"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17898",
"datePublished": "2018-10-12T14:00:00Z",
"dateReserved": "2018-10-02T00:00:00",
"dateUpdated": "2024-09-17T01:01:51.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17902 (GCVE-0-2018-17902)
Vulnerability from cvelistv5
Published
2018-10-12 14:00
Modified
2024-09-16 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-384 - SESSION FIXATION
Summary
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa | STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 |
Version: All versions R4.10 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "All versions R4.10 and prior"
}
]
}
],
"datePublic": "2018-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "SESSION FIXATION CWE-384",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T13:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-28T00:00:00",
"ID": "CVE-2018-17902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
"version": {
"version_data": [
{
"version_value": "All versions R4.10 and prior"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SESSION FIXATION CWE-384"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17902",
"datePublished": "2018-10-12T14:00:00Z",
"dateReserved": "2018-10-02T00:00:00",
"dateUpdated": "2024-09-16T18:34:00.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}