CVE-2018-17898
Published: 2018-10-12
CVE-2018-17898: Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by…
Priority: P3 · 35 · high · 7.5 CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.25% (65.7th percentile)
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, all versions R4.10 and prior: the controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa | fcj_firmware | <= r4.10 | — |
| yokogawa | fcn-100_firmware | <= r4.10 | — |
| yokogawa | fcn-500_firmware | <= r4.10 | — |
| yokogawa | fcn-rtu_firmware | <= r4.10 | — |
CVSS provenance
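| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |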
GHSA
GHSA-jj2r-mj3g-9h98: Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4
ghsa_unreviewed·2022-05-13
CVE-2018-17898 [HIGH] CWE-400 GHSA-jj2r-mj3g-9h98: Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, all versions R4.10 and prior: the controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.
CISA ICS
Yokogawa STARDOM Controllers (Update A)
cisa_ics·2018-05-31
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
## ICS Advisory: Yokogawa STARDOM Controllers (Update A)
Last Revised: October 11, 2018
Alert Code: ICSA-18-151-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Yokogawa
- Equipment: STARDOM Controllers
--------- Begin Update A Part 1 of 5 --------
- Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials, Resource Exhaustion
--------- End Update A Part 1 of 5 --------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-18-151-03 Yokogaw
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.