Main Vulnerability Database Vulnerabilities #VU13118

Use of hard-coded credentials in Yokogawa products - CVE-2018-10592

Published: May 30, 2018 / Updated: June 1, 2018

Vulnerability identifier: #VU13118

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-10592

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Yokogawa

Affected software:
STARDOM FCN-500
STARDOM FCN-RTU
STARDOM FCN-100
STARDOM FCJ

Detailed vulnerability description

The vulnerability allows a remote attacker to gain elevated privieleges on the target system.

The vulnerability exists due to use of hard-coded credentials. A remote unauthenticated attacker can use these credentials to gain elevated privileges and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-10592

Update to version 4.10.

Sources

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03

Use of hard-coded credentials in Yokogawa products - CVE-2018-10592

Detailed vulnerability description

How to mitigate CVE-2018-10592

Sources

Please verify you're human