CVE-2018-17896

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:55

Type Values Removed Values Added
References () https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 - Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 - Third Party Advisory, US Government Resource
References () https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf - Vendor Advisory () https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf - Vendor Advisory

Information

Published : 2018-10-12 14:29

Updated : 2024-11-21 03:55


NVD link : CVE-2018-17896

Mitre link : CVE-2018-17896

CVE.ORG link : CVE-2018-17896


JSON object : View

Products Affected

yokogawa

  • fcn-500
  • fcn-rtu_firmware
  • fcn-rtu
  • fcn-500_firmware
  • fcj
  • fcn-100_firmware
  • fcj_firmware
  • fcn-100
CWE
CWE-798

Use of Hard-coded Credentials