CVE-2018-10592
Published 2018-07-31
Priority: P265, critical, 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 6.94% (93.3th percentile)
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa | fcj_firmware | <= r4.02 | — |
| yokogawa | fcn-100_firmware | <= r4.02 | — |
| yokogawa | fcn-500_firmware | <= r4.02 | — |
| yokogawa | fcn-rtu_firmware | <= r4.02 | — |
| yokogawa | stardom_fcj_controllers | — | — |
| yokogawa | stardom_fcn-100_controllers | — | — |
| yokogawa | stardom_fcn-500_controllers | — | — |
| yokogawa | stardom_fcn-rtu_controllers | — | — |
Detection & IOCs
- CVE-2018-10592 involves hard-coded credentials on Yokogawa STARDOM FCJ, FCN-100, FCN-RTU, and FCN-500 controllers (R4.02 and prior, later extended to R4.10 and prior); detect unauthorized administrative access attempts leveraging static credentials against these devices.
- Exploitation is remotely possible with low skill level required; monitor for unexpected administrative sessions or remote code execution activity on STARDOM controller management interfaces.
- No known public exploits specifically target this vulnerability as of advisory publication; prioritize detection of anomalous authentication successes on affected controllers rather than known exploit signatures.
- The hard-coded credential vulnerability (CVE-2018-10592) is NOT fully remediated by upgrading to R4.20; Yokogawa instead recommends packet filtering and network communication restrictions as the primary mitigation for this specific CVE.
- A companion vulnerability, CVE-2018-17896, also involves hard-coded credentials but is scoped to maintenance functions and requires user interaction; do not conflate it with CVE-2018-10592, which requires no interaction and no privileges.
CVSS provenance
- nvd, v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd, v2.0: 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
CISA ICS
Yokogawa STARDOM Controllers (Update A)
cisa_ics·2018-05-31
ICS Advisory
Last Revised: October 11, 2018
Alert Code: ICSA-18-151-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Yokogawa
- Equipment: STARDOM Controllers
--------- Begin Update A Part 1 of 5 --------
- Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials, Resource Exhaustion
--------- End Update A Part 1 of 5 --------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-18-151-03 Yokogaw
GHSA
GHSA-m6xr-cgmm-vx52: Yokogawa STARDOM FCJ controllers R4
ghsa_unreviewed·2022-05-13
CVE-2018-10592 [CRITICAL] CWE-798 GHSA-m6xr-cgmm-vx52: Yokogawa STARDOM FCJ controllers R4
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/104376
- https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03
- https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf
Published: 2018-07-31