PT-2018-3922 · Yokogawa · Fcn-Rtu+3
Published 2018-05-21 · Updated 2019-10-09
CVE-2018-10592
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Yokogawa STARDOM FCJ controllers versions R4.02 and prior
Yokogawa FCN-100 controllers versions R4.02 and prior
Yokogawa FCN-RTU controllers versions R4.02 and prior
Yokogawa FCN-500 controllers versions R4.02 and prior
Description
The issue is related to the use of hard-coded credentials in the controllers. This could allow an attacker to gain unauthorized administrative access to the device, potentially resulting in remote code execution. An unauthenticated remote attacker could exploit this issue to execute arbitrary code.
Recommendations
For Yokogawa STARDOM FCJ controllers versions R4.02 and prior, update to a version later than R4.02 to resolve the issue.
For Yokogawa FCN-100 controllers versions R4.02 and prior, update to a version later than R4.02 to resolve the issue.
For Yokogawa FCN-RTU controllers versions R4.02 and prior, update to a version later than R4.02 to resolve the issue.
For Yokogawa FCN-500 controllers versions R4.02 and prior, update to a version later than R4.02 to resolve the issue.
As a temporary workaround, consider restricting access to the controllers to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Fcn-100
Fcn-500
Fcn-Rtu
Stardom Fcj