CVE-2018-17902
Published 2018-10-12
CVE-2018-17902: Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management…
Priority: P4 · 22 · medium · 5.3 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 1.11% (61.7th percentile)
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, all versions R4.10 and prior: the application utilizes multiple methods of session management, which could result in a denial of service to the remote management functions.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa | fcj_firmware | <= r4.10 | — |
| yokogawa | fcn-100_firmware | <= r4.10 | — |
| yokogawa | fcn-500_firmware | <= r4.10 | — |
| yokogawa | fcn-rtu_firmware | <= r4.10 | — |
CVSS provenance
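| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |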
CISA ICS
Yokogawa STARDOM Controllers (Update A)
cisa_ics·2018-05-31
Last Revised: October 11, 2018
Alert Code: ICSA-18-151-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Yokogawa
- Equipment: STARDOM Controllers
--------- Begin Update A Part 1 of 5 --------
- Vulnerabilities: Use of Hard-coded Credentials, Session Fixation, Insufficiently Protected Credentials, Resource Exhaustion
--------- End Update A Part 1 of 5 --------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-18-151-03 Yokogaw
GHSA
GHSA-w3f9-4vpm-p9h8: Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4
ghsa_unreviewed·2022-05-13
CVE-2018-17902 [MEDIUM] CWE-384 GHSA-w3f9-4vpm-p9h8: Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, all versions R4.10 and prior: the application utilizes multiple methods of session management, which could result in a denial of service to the remote management functions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-10-12