PT-2018-3922 · Yokogawa · Fcn-Rtu+3
Published: 2018-05-21 · Updated: 2019-10-09 · CVE-2018-10592
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Yokogawa STARDOM FCJ controllers versions R4.02 and prior
Yokogawa FCN-100 controllers versions R4.02 and prior
Yokogawa FCN-RTU controllers versions R4.02 and prior
Yokogawa FCN-500 controllers versions R4.02 and prior
Description
The controllers use hard-coded credentials. This could allow an attacker to gain unauthorized administrative access to the device, potentially resulting in remote code execution. The issue is exploitable remotely and without authentication to execute arbitrary code.
Recommendations
For Yokogawa STARDOM FCJ controllers versions R4.02 and prior, update to a version later than R4.02 to resolve the issue.
For Yokogawa FCN-100 controllers versions R4.02 and prior, update to a version later than R4.02 to resolve the issue.
For Yokogawa FCN-RTU controllers versions R4.02 and prior, update to a version later than R4.02 to resolve the issue.
For Yokogawa FCN-500 controllers versions R4.02 and prior, update to a version later than R4.02 to resolve the issue.
As a temporary workaround, consider restricting access to the controllers to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Affected Products
Fcn-100
Fcn-500
Fcn-Rtu
Stardom Fcj