CVE-2018-17896
Published 2018-10-12
Priority: P3, 42, high, 8.1 (CVSS 3.0)
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.21% (64.8th percentile)
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, all versions R4.10 and prior: the affected controllers utilize hard-coded credentials, which may allow an attacker to gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa | fcj_firmware | <= r4.10 | — |
| yokogawa | fcn-100_firmware | <= r4.10 | — |
| yokogawa | fcn-500_firmware | <= r4.10 | — |
| yokogawa | fcn-rtu_firmware | <= r4.10 | — |
CVSS provenance
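| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |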
CISA ICS
Yokogawa STARDOM Controllers (Update A)
cisa_ics·2018-05-31
ICS Advisory
Last Revised: October 11, 2018
Alert Code: ICSA-18-151-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Yokogawa
- Equipment: STARDOM Controllers
--------- Begin Update A Part 1 of 5 --------
- Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials, Resource Exhaustion
--------- End Update A Part 1 of 5 --------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-18-151-03 Yokogaw
GHSA
GHSA-xx3v-pjx9-qmj7: Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4
ghsa_unreviewed·2022-05-13
CVE-2018-17896 [HIGH] CWE-798 GHSA-xx3v-pjx9-qmj7: Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.