CVE-2018-17900
Published: 2018-10-12
Priority: P3 53 · critical · 9.8 CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.86% (76.6th percentile)
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa | fcj_firmware | <= r4.10 | — |
| yokogawa | fcn-100_firmware | <= r4.10 | — |
| yokogawa | fcn-500_firmware | <= r4.10 | — |
| yokogawa | fcn-rtu_firmware | <= r4.10 | — |
CVSS provenance
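| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |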
CISA ICS
Yokogawa STARDOM Controllers (Update A)
cisa_ics·2018-05-31
Last Revised: October 11, 2018
Alert Code: ICSA-18-151-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Yokogawa
- Equipment: STARDOM Controllers
--------- Begin Update A Part 1 of 5 --------
- Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials, Resource Exhaustion
--------- End Update A Part 1 of 5 --------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-18-151-03 Yokogaw
GHSA
GHSA-22q5-57p4-rxcv: Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4
ghsa_unreviewed·2022-05-13
CVE-2018-17900 [CRITICAL] CWE-522 GHSA-22q5-57p4-rxcv: Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4