Main Vulnerability Database Vulnerabilities #VU13118

#VU13118 Use of hard-coded credentials in Yokogawa products - CVE-2018-10592

Published: May 30, 2018 / Updated: June 1, 2018

Vulnerability identifier: #VU13118

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-10592

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
STARDOM FCN-500
STARDOM FCN-RTU
STARDOM FCN-100
STARDOM FCJ

Software vendor:
Yokogawa

Description

The vulnerability allows a remote attacker to gain elevated privieleges on the target system.

The vulnerability exists due to use of hard-coded credentials. A remote unauthenticated attacker can use these credentials to gain elevated privileges and execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Update to version 4.10.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03

#VU13118 Use of hard-coded credentials in Yokogawa products - CVE-2018-10592

Description

Remediation

External links

Please verify you're human