← Back

CVE-2018-17896

nvd nist
Published: Oct 12, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.

Affected (4)

Yokogawa
4 products
Fcj Firmware
Fcn 100 Firmware
Fcn Rtu Firmware
Fcn 500 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fcj Firmware
Up to r4.10
Running on/withPlatform Versions
Yokogawa
Fcj
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fcn 100 Firmware
Up to r4.10
Running on/withPlatform Versions
Yokogawa
Fcn 100
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fcn Rtu Firmware
Up to r4.10
Running on/withPlatform Versions
Yokogawa
Fcn Rtu
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fcn 500 Firmware
Up to r4.10
Running on/withPlatform Versions
Yokogawa
Fcn 500
All versions

Related CWEs

CWE-798
Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.

References (4)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: ics-cert@hq.dhs.gov
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.