CVE-2018-10592

EUVD-2018-2664
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
yokogawafcj_firmware
𝑥
≤ r4.02
yokogawafcn-100_firmware
𝑥
≤ r4.02
yokogawafcn-rtu_firmware
𝑥
≤ r4.02
yokogawafcn-500_firmware
𝑥
≤ r4.02
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104376
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03
https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf
http://www.securityfocus.com/bid/104376
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03
https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf