Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 by Yokogawa

    CVE-2018-17902 (GCVE-0-2018-17902)

    Vulnerability from nvd – Published: 2018-10-12 14:00 – Updated: 2024-09-16 18:34
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.
    Severity
    No CVSS data available.
    CWE
    • CWE-384 - SESSION FIXATION CWE-384
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.694Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "SESSION FIXATION CWE-384",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17902",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SESSION FIXATION CWE-384"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17902",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:34:00.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17900 (GCVE-0-2018-17900)

    Vulnerability from nvd – Published: 2018-10-12 14:00 – Updated: 2024-09-16 19:37
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
    Severity
    No CVSS data available.
    CWE
    • CWE-522 - INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17900",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17900",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:37:05.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17898 (GCVE-0-2018-17898)

    Vulnerability from nvd – Published: 2018-10-12 14:00 – Updated: 2024-09-17 01:01
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.517Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17898",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17898",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:01:51.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17896 (GCVE-0-2018-17896)

    Vulnerability from nvd – Published: 2018-10-12 14:00 – Updated: 2024-09-17 00:26
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    Yokogawa STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 Affected: All versions prior to version X.X
    Create a notification for this product.
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.599Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version X.X"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version X.X"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17896",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:26:50.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17900 (GCVE-0-2018-17900)

    Vulnerability from cvelistv5 – Published: 2018-10-12 14:00 – Updated: 2024-09-16 19:37
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
    Severity
    No CVSS data available.
    CWE
    • CWE-522 - INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17900",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17900",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:37:05.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17902 (GCVE-0-2018-17902)

    Vulnerability from cvelistv5 – Published: 2018-10-12 14:00 – Updated: 2024-09-16 18:34
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.
    Severity
    No CVSS data available.
    CWE
    • CWE-384 - SESSION FIXATION CWE-384
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.694Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "SESSION FIXATION CWE-384",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17902",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SESSION FIXATION CWE-384"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17902",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:34:00.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17896 (GCVE-0-2018-17896)

    Vulnerability from cvelistv5 – Published: 2018-10-12 14:00 – Updated: 2024-09-17 00:26
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    Yokogawa STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 Affected: All versions prior to version X.X
    Create a notification for this product.
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.599Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version X.X"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version X.X"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17896",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:26:50.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17898 (GCVE-0-2018-17898)

    Vulnerability from cvelistv5 – Published: 2018-10-12 14:00 – Updated: 2024-09-17 01:01
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.517Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17898",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17898",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:01:51.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }