Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for fcn-500_firmware by yokogawa

    CVE-2018-17902 (GCVE-0-2018-17902)

    Vulnerability from nvd – Published: 2018-10-12 14:00 – Updated: 2024-09-16 18:34
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.
    Severity
    No CVSS data available.
    CWE
    • CWE-384 - SESSION FIXATION CWE-384
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.694Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "SESSION FIXATION CWE-384",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17902",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SESSION FIXATION CWE-384"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17902",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:34:00.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17900 (GCVE-0-2018-17900)

    Vulnerability from nvd – Published: 2018-10-12 14:00 – Updated: 2024-09-16 19:37
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
    Severity
    No CVSS data available.
    CWE
    • CWE-522 - INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17900",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17900",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:37:05.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17898 (GCVE-0-2018-17898)

    Vulnerability from nvd – Published: 2018-10-12 14:00 – Updated: 2024-09-17 01:01
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.517Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17898",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17898",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:01:51.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17896 (GCVE-0-2018-17896)

    Vulnerability from nvd – Published: 2018-10-12 14:00 – Updated: 2024-09-17 00:26
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    Yokogawa STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 Affected: All versions prior to version X.X
    Create a notification for this product.
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.599Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version X.X"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version X.X"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17896",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:26:50.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10592 (GCVE-0-2018-10592)

    Vulnerability from nvd – Published: 2018-07-31 17:00 – Updated: 2024-09-16 17:38
    VLAI
    Summary
    Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:39:08.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf"
              },
              {
                "name": "104376",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104376"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM FCJ Controllers",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "R4.02 and prior"
                }
              ]
            },
            {
              "product": "STARDOM FCN-100 Controllers",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "R4.02 and prior"
                }
              ]
            },
            {
              "product": "STARDOM FCN-RTU Controllers",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "R4.02 and prior"
                }
              ]
            },
            {
              "product": "STARDOM FCN-500 Controllers",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "R4.02 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-01T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf"
            },
            {
              "name": "104376",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104376"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-10592",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM FCJ Controllers",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "R4.02 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "STARDOM FCN-100 Controllers",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "R4.02 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "STARDOM FCN-RTU Controllers",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "R4.02 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "STARDOM FCN-500 Controllers",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "R4.02 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf"
                },
                {
                  "name": "104376",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104376"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10592",
        "datePublished": "2018-07-31T17:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:38:31.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17900 (GCVE-0-2018-17900)

    Vulnerability from cvelistv5 – Published: 2018-10-12 14:00 – Updated: 2024-09-16 19:37
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
    Severity
    No CVSS data available.
    CWE
    • CWE-522 - INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.563Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17900",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17900",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:37:05.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17902 (GCVE-0-2018-17902)

    Vulnerability from cvelistv5 – Published: 2018-10-12 14:00 – Updated: 2024-09-16 18:34
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.
    Severity
    No CVSS data available.
    CWE
    • CWE-384 - SESSION FIXATION CWE-384
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.694Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "SESSION FIXATION CWE-384",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17902",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SESSION FIXATION CWE-384"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17902",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:34:00.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17896 (GCVE-0-2018-17896)

    Vulnerability from cvelistv5 – Published: 2018-10-12 14:00 – Updated: 2024-09-17 00:26
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    Yokogawa STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 Affected: All versions prior to version X.X
    Create a notification for this product.
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.599Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version X.X"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17896",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version X.X"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17896",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:26:50.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17898 (GCVE-0-2018-17898)

    Vulnerability from cvelistv5 – Published: 2018-10-12 14:00 – Updated: 2024-09-17 01:01
    VLAI
    Summary
    Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
    Assigner
    References
    Impacted products
    Date Public
    2018-09-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.517Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions R4.10 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-09-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T13:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-09-28T00:00:00",
              "ID": "CVE-2018-17898",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions R4.10 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17898",
        "datePublished": "2018-10-12T14:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:01:51.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10592 (GCVE-0-2018-10592)

    Vulnerability from cvelistv5 – Published: 2018-07-31 17:00 – Updated: 2024-09-16 17:38
    VLAI
    Summary
    Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Date Public
    2018-05-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:39:08.364Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf"
              },
              {
                "name": "104376",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104376"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM FCJ Controllers",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "R4.02 and prior"
                }
              ]
            },
            {
              "product": "STARDOM FCN-100 Controllers",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "R4.02 and prior"
                }
              ]
            },
            {
              "product": "STARDOM FCN-RTU Controllers",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "R4.02 and prior"
                }
              ]
            },
            {
              "product": "STARDOM FCN-500 Controllers",
              "vendor": "Yokogawa",
              "versions": [
                {
                  "status": "affected",
                  "version": "R4.02 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-01T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf"
            },
            {
              "name": "104376",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104376"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-10592",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM FCJ Controllers",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "R4.02 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "STARDOM FCN-100 Controllers",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "R4.02 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "STARDOM FCN-RTU Controllers",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "R4.02 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "STARDOM FCN-500 Controllers",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "R4.02 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf"
                },
                {
                  "name": "104376",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104376"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10592",
        "datePublished": "2018-07-31T17:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:38:31.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }