Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for stardom_fcn_firmware by yokogawa

    CVE-2023-5915 (GCVE-0-2023-5915)

    Vulnerability from nvd – Published: 2023-12-01 06:12 – Updated: 2024-08-02 08:14
    VLAI
    Summary
    A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not stopped by the condition. The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation STARDOM Affected: STARDOM FCN/FCJ R1.01 to R4.31
    Create a notification for this product.
    Date Public
    2023-12-01 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/1/35463/files/YSAR-23-0003-E.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95177889/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "STARDOM",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "STARDOM FCN/FCJ R1.01 to R4.31"
                }
              ]
            }
          ],
          "datePublic": "2023-12-01T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation.\u0026nbsp;This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller\u2019s operation is not stopped by the condition.\u003cbr\u003e\u003cbr\u003eThe affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation.\u00a0This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller\u2019s operation is not stopped by the condition.\n\nThe affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-01T06:14:45.335Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/35463/files/YSAR-23-0003-E.pdf"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-02"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU95177889/index.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2023-5915",
        "datePublished": "2023-12-01T06:12:03.581Z",
        "dateReserved": "2023-11-02T04:37:11.569Z",
        "dateUpdated": "2024-08-02T08:14:24.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30997 (GCVE-0-2022-30997)

    Vulnerability from nvd – Published: 2022-06-28 10:06 – Updated: 2024-08-03 07:03
    VLAI
    Summary
    Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use of Hard-coded Credentials
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation STARDOM Controller Affected: STARDOM FCN Controller and FCJ Controller R4.10 to R4.31
    Create a notification for this product.
    yokogawa stardom_fcj_firmware Affected: r4.10 , ≤ r4.31 (custom)
        cpe:2.3:o:yokogawa:stardom_fcj_firmware:r4.10:*:*:*:*:*:*:*
    Create a notification for this product.
    yokogawa stardom_fcn_firmware Affected: r4.10 , ≤ r4.31 (custom)
        cpe:2.3:o:yokogawa:stardom_fcn_firmware:r4.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:yokogawa:stardom_fcj_firmware:r4.10:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "stardom_fcj_firmware",
                "vendor": "yokogawa",
                "versions": [
                  {
                    "lessThanOrEqual": "r4.31",
                    "status": "affected",
                    "version": "r4.10",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:yokogawa:stardom_fcn_firmware:r4.10:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "stardom_fcn_firmware",
                "vendor": "yokogawa",
                "versions": [
                  {
                    "lessThanOrEqual": "r4.31",
                    "status": "affected",
                    "version": "r4.10",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-30997",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-26T19:56:59.327177Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-798",
                    "description": "CWE-798 Use of Hard-coded Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T20:01:46.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:03:40.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controller",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "STARDOM FCN Controller and FCJ Controller R4.10 to R4.31"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T10:06:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-30997",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controller",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "STARDOM FCN Controller and FCJ Controller R4.10 to R4.31"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa Electric Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf",
                  "refsource": "MISC",
                  "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
                },
                {
                  "name": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf",
                  "refsource": "MISC",
                  "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU95452299/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
                },
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-30997",
        "datePublished": "2022-06-28T10:06:01.000Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:03:40.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29519 (GCVE-0-2022-29519)

    Vulnerability from nvd – Published: 2022-06-28 10:05 – Updated: 2024-08-03 06:26
    VLAI
    Summary
    Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.
    Severity
    No CVSS data available.
    CWE
    • Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation STARDOM Controller Affected: STARDOM FCN Controller and FCJ Controller R1.01 to R4.31
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:05.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controller",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "STARDOM FCN Controller and FCJ Controller R1.01 to R4.31"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T10:05:31.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-29519",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controller",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "STARDOM FCN Controller and FCJ Controller R1.01 to R4.31"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa Electric Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf",
                  "refsource": "MISC",
                  "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
                },
                {
                  "name": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf",
                  "refsource": "MISC",
                  "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU95452299/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
                },
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-29519",
        "datePublished": "2022-06-28T10:05:31.000Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:05.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5915 (GCVE-0-2023-5915)

    Vulnerability from cvelistv5 – Published: 2023-12-01 06:12 – Updated: 2024-08-02 08:14
    VLAI
    Summary
    A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not stopped by the condition. The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation STARDOM Affected: STARDOM FCN/FCJ R1.01 to R4.31
    Create a notification for this product.
    Date Public
    2023-12-01 03:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/1/35463/files/YSAR-23-0003-E.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95177889/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "STARDOM",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "STARDOM FCN/FCJ R1.01 to R4.31"
                }
              ]
            }
          ],
          "datePublic": "2023-12-01T03:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation.\u0026nbsp;This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller\u2019s operation is not stopped by the condition.\u003cbr\u003e\u003cbr\u003eThe affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation.\u00a0This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller\u2019s operation is not stopped by the condition.\n\nThe affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.\n"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-01T06:14:45.335Z",
            "orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
            "shortName": "YokogawaGroup"
          },
          "references": [
            {
              "url": "https://web-material3.yokogawa.com/1/35463/files/YSAR-23-0003-E.pdf"
            },
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-02"
            },
            {
              "url": "https://jvn.jp/vu/JVNVU95177889/index.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
        "assignerShortName": "YokogawaGroup",
        "cveId": "CVE-2023-5915",
        "datePublished": "2023-12-01T06:12:03.581Z",
        "dateReserved": "2023-11-02T04:37:11.569Z",
        "dateUpdated": "2024-08-02T08:14:24.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30997 (GCVE-0-2022-30997)

    Vulnerability from cvelistv5 – Published: 2022-06-28 10:06 – Updated: 2024-08-03 07:03
    VLAI
    Summary
    Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use of Hard-coded Credentials
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation STARDOM Controller Affected: STARDOM FCN Controller and FCJ Controller R4.10 to R4.31
    Create a notification for this product.
    yokogawa stardom_fcj_firmware Affected: r4.10 , ≤ r4.31 (custom)
        cpe:2.3:o:yokogawa:stardom_fcj_firmware:r4.10:*:*:*:*:*:*:*
    Create a notification for this product.
    yokogawa stardom_fcn_firmware Affected: r4.10 , ≤ r4.31 (custom)
        cpe:2.3:o:yokogawa:stardom_fcn_firmware:r4.10:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:yokogawa:stardom_fcj_firmware:r4.10:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "stardom_fcj_firmware",
                "vendor": "yokogawa",
                "versions": [
                  {
                    "lessThanOrEqual": "r4.31",
                    "status": "affected",
                    "version": "r4.10",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:yokogawa:stardom_fcn_firmware:r4.10:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "stardom_fcn_firmware",
                "vendor": "yokogawa",
                "versions": [
                  {
                    "lessThanOrEqual": "r4.31",
                    "status": "affected",
                    "version": "r4.10",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-30997",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-26T19:56:59.327177Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-798",
                    "description": "CWE-798 Use of Hard-coded Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T20:01:46.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:03:40.234Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controller",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "STARDOM FCN Controller and FCJ Controller R4.10 to R4.31"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T10:06:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-30997",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controller",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "STARDOM FCN Controller and FCJ Controller R4.10 to R4.31"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa Electric Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Hard-coded Credentials"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf",
                  "refsource": "MISC",
                  "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
                },
                {
                  "name": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf",
                  "refsource": "MISC",
                  "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU95452299/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
                },
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-30997",
        "datePublished": "2022-06-28T10:06:01.000Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-08-03T07:03:40.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29519 (GCVE-0-2022-29519)

    Vulnerability from cvelistv5 – Published: 2022-06-28 10:05 – Updated: 2024-08-03 06:26
    VLAI
    Summary
    Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.
    Severity
    No CVSS data available.
    CWE
    • Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Yokogawa Electric Corporation STARDOM Controller Affected: STARDOM FCN Controller and FCJ Controller R1.01 to R4.31
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:26:05.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "STARDOM Controller",
              "vendor": "Yokogawa Electric Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "STARDOM FCN Controller and FCJ Controller R1.01 to R4.31"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T10:05:31.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2022-29519",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "STARDOM Controller",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "STARDOM FCN Controller and FCJ Controller R1.01 to R4.31"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Yokogawa Electric Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf",
                  "refsource": "MISC",
                  "url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
                },
                {
                  "name": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf",
                  "refsource": "MISC",
                  "url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
                },
                {
                  "name": "https://jvn.jp/vu/JVNVU95452299/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/vu/JVNVU95452299/index.html"
                },
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2022-29519",
        "datePublished": "2022-06-28T10:05:31.000Z",
        "dateReserved": "2022-05-31T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:26:05.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }