CVE-2018-17896
Severity Score
8.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, los controladores afectados emplean credenciales embebidas que podrÃan permitir que un atacante obtenga acceso no autorizado a las funciones de mantenimiento y obtenga o modifique información. El ataque solo se puede ejecutar durante los trabajos de mantenimiento.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-10-02 CVE Reserved
- 2018-10-12 CVE Published
- 2024-09-17 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Yokogawa Search vendor "Yokogawa" | Fcj Firmware Search vendor "Yokogawa" for product "Fcj Firmware" | <= r4.10 Search vendor "Yokogawa" for product "Fcj Firmware" and version " <= r4.10" | - |
Affected
| in | Yokogawa Search vendor "Yokogawa" | Fcj Search vendor "Yokogawa" for product "Fcj" | - | - |
Safe
|
| Yokogawa Search vendor "Yokogawa" | Fcn-100 Firmware Search vendor "Yokogawa" for product "Fcn-100 Firmware" | <= r4.10 Search vendor "Yokogawa" for product "Fcn-100 Firmware" and version " <= r4.10" | - |
Affected
| in | Yokogawa Search vendor "Yokogawa" | Fcn-100 Search vendor "Yokogawa" for product "Fcn-100" | - | - |
Safe
|
| Yokogawa Search vendor "Yokogawa" | Fcn-rtu Firmware Search vendor "Yokogawa" for product "Fcn-rtu Firmware" | <= r4.10 Search vendor "Yokogawa" for product "Fcn-rtu Firmware" and version " <= r4.10" | - |
Affected
| in | Yokogawa Search vendor "Yokogawa" | Fcn-rtu Search vendor "Yokogawa" for product "Fcn-rtu" | - | - |
Safe
|
| Yokogawa Search vendor "Yokogawa" | Fcn-500 Firmware Search vendor "Yokogawa" for product "Fcn-500 Firmware" | <= r4.10 Search vendor "Yokogawa" for product "Fcn-500 Firmware" and version " <= r4.10" | - |
Affected
| in | Yokogawa Search vendor "Yokogawa" | Fcn-500 Search vendor "Yokogawa" for product "Fcn-500" | - | - |
Safe
|