CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-17900
https://notcve.org/view.php?id=CVE-2018-17900
12 Oct 2018 — Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers. En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, la aplicación web protege incorrectamente las credenciales, lo que podría permitir que un atacante obtenga credenciales para acceder remotamente a los controladores. • https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2018-17902
https://notcve.org/view.php?id=CVE-2018-17902
12 Oct 2018 — Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions. En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, la aplicación emplea múltiples métodos de gestión de sesiones, lo que podría resultar en una denegación de servicio (DoS) de las funciones de gestión remota. • https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 • CWE-384: Session Fixation •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2018-17896
https://notcve.org/view.php?id=CVE-2018-17896
12 Oct 2018 — Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work. En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, los controladores afectados emplean credenciales embebidas que podrían permitir que ... • https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-17898
https://notcve.org/view.php?id=CVE-2018-17898
12 Oct 2018 — Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable. En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, la aplicación del controlador no evita el agotamiento de memoria debido a peticiones no autorizadas. Esto podría permitir que el atacante provoque que el ... • https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2018-10592
https://notcve.org/view.php?id=CVE-2018-10592
31 Jul 2018 — Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution. Los controladores Yokogawa STARDOM FCJ R4.02 y anteriores, FCN-100 R4.02 y anteriores, FCN-RTU R4.02 y anteriores y FCN-500 y anteriores R4.02 emplean credenciales embebidas que podrían... • http://www.securityfocus.com/bid/104376 • CWE-798: Use of Hard-coded Credentials •