CVE-2018-10592

Published Jul 31, 2018

Last updated 5 years ago

CVSS critical 9.8

Overview

Description: Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-798
ics-cert@hq.dhs.gov: CWE-798

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFEF0D4A-1FAD-4935-BB42-2120EEEEA205",
            "versionEndIncluding": "r4.02"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B69DBB88-A5E6-42BA-A7C1-2ADA8CF5349C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA797459-D1AD-4BD6-9F9B-EECFC2548E31",
            "versionEndIncluding": "r4.02"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CB180CFC-1A4F-4DE9-8A3A-A6F50DDDC892"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "301CCAA4-3B78-4074-887F-BD9571FB0171",
            "versionEndIncluding": "r4.02"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E636BC2D-506C-4D8D-BD8B-D02776AD3890"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EB434F5-A970-497E-B5B2-207B9FC6AAAE",
            "versionEndIncluding": "r4.02"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "500FFA96-0861-4EBC-8768-68A4D4C6ECB3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References