#VU64635 Use of hard-coded credentials in STARDOM FCN/FCJ Simulator - CVE-2022-30997
Published: June 24, 2022
Vulnerability identifier: #VU64635
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-30997
CWE-ID: CWE-798
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
STARDOM FCN/FCJ Simulator
STARDOM FCN/FCJ Simulator
Software vendor:
Yokogawa
Yokogawa
Description
The vulnerability allows a remote user to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A remote administrator on the local network can read/change configuration settings or update the controller with tampered firmware.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.