Search criteria
5 vulnerabilities found for fcn-500 by yokogawa
VAR-201810-0483
Vulnerability from variot - Updated: 2023-12-18 12:01Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work. Provided by Yokogawa Electric Corporation STARDOM There are multiple vulnerabilities in the controller. Provided by Yokogawa Electric Corporation STARDOM For small and medium-sized factories PLC Instrumentation system. STARDOM The controller contains several vulnerabilities: * * account ID And password information is hard-coded (CWE-798) - CVE-2018-10592 * * information leak (CWE-200) - CVE-2018-17900 * * Service disruption to remote management functions (DoS) (CWE-119) - CVE-2018-17902 * * Problems with hardcoded authentication information for maintenance functions (CWE-798) - CVE-2018-17896 * * Controller HTTP Service disruption to services (DoS) (CWE-119) - CVE-2018-17898The expected impact depends on each vulnerability, but can be affected as follows: * * A remote attacker can log into the controller and execute arbitrary commands - CVE-2018-10592 * * Authentication information for accessing the remote management function of the controller can be obtained by a remote third party - CVE-2018-17900 * * Remote operation by the remote party to the remote management function of the controller (DoS) Attack is done - CVE-2018-17902 * * A remote attacker logs in to the controller's maintenance function, acquires information, and falsifies - CVE-2018-17896 * * By a remote third party HTTP Service disruption to services (DoS) Attack is done - CVE-2018-17898. Yokogawa STARDOM Controllers FCJ, etc. are the controllers used in the basic network control system of Yokogawa Corporation of Japan. A security vulnerability exists in several Yokogawa products due to the use of hard-coded credentials in the controller. The following products and versions are affected: Yokogawa STARDOM Controllers FCJ R4.10 and earlier; FCN-100 R4.10 and earlier; FCN-RTUR 4.10 and earlier; FCN-500 R4.10 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0483",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fcn-500",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcj",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-rtu",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-100",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "stardom fcj",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcj",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-100",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-100",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-500",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-500",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-rtu",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-rtu",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "fcn-500",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-100",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcj",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17896"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-668"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17896"
}
]
},
"cve": "CVE-2018-17896",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-128401",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 9.4,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 1.6,
"value": "High"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-17896",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-668",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-128401",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128401"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17896"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-668"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work. Provided by Yokogawa Electric Corporation STARDOM There are multiple vulnerabilities in the controller. Provided by Yokogawa Electric Corporation STARDOM For small and medium-sized factories PLC Instrumentation system. STARDOM The controller contains several vulnerabilities: * * account ID And password information is hard-coded (CWE-798) - CVE-2018-10592 * * information leak (CWE-200) - CVE-2018-17900 * * Service disruption to remote management functions (DoS) (CWE-119) - CVE-2018-17902 * * Problems with hardcoded authentication information for maintenance functions (CWE-798) - CVE-2018-17896 * * Controller HTTP Service disruption to services (DoS) (CWE-119) - CVE-2018-17898The expected impact depends on each vulnerability, but can be affected as follows: * * A remote attacker can log into the controller and execute arbitrary commands - CVE-2018-10592 * * Authentication information for accessing the remote management function of the controller can be obtained by a remote third party - CVE-2018-17900 * * Remote operation by the remote party to the remote management function of the controller (DoS) Attack is done - CVE-2018-17902 * * A remote attacker logs in to the controller\u0027s maintenance function, acquires information, and falsifies - CVE-2018-17896 * * By a remote third party HTTP Service disruption to services (DoS) Attack is done - CVE-2018-17898. Yokogawa STARDOM Controllers FCJ, etc. are the controllers used in the basic network control system of Yokogawa Corporation of Japan. A security vulnerability exists in several Yokogawa products due to the use of hard-coded credentials in the controller. The following products and versions are affected: Yokogawa STARDOM Controllers FCJ R4.10 and earlier; FCN-100 R4.10 and earlier; FCN-RTUR 4.10 and earlier; FCN-500 R4.10 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17896"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "VULHUB",
"id": "VHN-128401"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17896",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-151-03",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU92639220",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-668",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-128401",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128401"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17896"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-668"
}
]
},
"id": "VAR-201810-0483",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-128401"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:01:12.672000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-18-0004 STARDOM \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306b\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://web-material3.yokogawa.com/19/6712/details/ysar-18-0004-j.pdf"
},
{
"title": "YSAR-18-0007: STARDOM\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://web-material3.yokogawa.com/ysar-18-0007-j.jp.pdf"
},
{
"title": "Multiple Yokogawa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85786"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-668"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128401"
},
{
"db": "NVD",
"id": "CVE-2018-17896"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-03"
},
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/ysar-18-0007-e.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17900"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17902"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17896"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17898"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10592"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92639220/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17900"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17902"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10592"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17896"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17898"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128401"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17896"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-668"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-128401"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17896"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-668"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-128401"
},
{
"date": "2018-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"date": "2018-10-12T14:29:00.847000",
"db": "NVD",
"id": "CVE-2018-17896"
},
{
"date": "2018-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-668"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-128401"
},
{
"date": "2019-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"date": "2019-10-09T23:37:00.723000",
"db": "NVD",
"id": "CVE-2018-17896"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-668"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-668"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "STARDOM Multiple vulnerabilities in controller",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-668"
}
],
"trust": 0.6
}
}
VAR-201810-0487
Vulnerability from variot - Updated: 2023-12-18 12:01Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers. Provided by Yokogawa Electric Corporation STARDOM There are multiple vulnerabilities in the controller. Provided by Yokogawa Electric Corporation STARDOM For small and medium-sized factories PLC Instrumentation system. STARDOM The controller contains several vulnerabilities: * * account ID And password information is hard-coded (CWE-798) - CVE-2018-10592 * * information leak (CWE-200) - CVE-2018-17900 * * Service disruption to remote management functions (DoS) (CWE-119) - CVE-2018-17902 * * Problems with hardcoded authentication information for maintenance functions (CWE-798) - CVE-2018-17896 * * Controller HTTP Service disruption to services (DoS) (CWE-119) - CVE-2018-17898The expected impact depends on each vulnerability, but can be affected as follows: * * A remote attacker can log into the controller and execute arbitrary commands - CVE-2018-10592 * * Authentication information for accessing the remote management function of the controller can be obtained by a remote third party - CVE-2018-17900 * * Remote operation by the remote party to the remote management function of the controller (DoS) Attack is done - CVE-2018-17902 * * A remote attacker logs in to the controller's maintenance function, acquires information, and falsifies - CVE-2018-17896 * * By a remote third party HTTP Service disruption to services (DoS) Attack is done - CVE-2018-17898. Yokogawa STARDOM Controllers FCJ, etc. are the controllers used in the basic network control system of Yokogawa Corporation of Japan. A security vulnerability exists in several Yokogawa products due to improper protection of credentials by web applications. The following products and versions are affected: Yokogawa STARDOM Controllers FCJ R4.10 and earlier; FCN-100 R4.10 and earlier; FCN-RTUR 4.10 and earlier; FCN-500 R4.10 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0487",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fcn-500",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcj",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-rtu",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-100",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "stardom fcj",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcj",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-100",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-100",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-500",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-500",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-rtu",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-rtu",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "fcn-500",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-100",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcj",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17900"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-670"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17900"
}
]
},
"cve": "CVE-2018-17900",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-128406",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 9.4,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 1.6,
"value": "High"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-17900",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-670",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-128406",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17900"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-670"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers. Provided by Yokogawa Electric Corporation STARDOM There are multiple vulnerabilities in the controller. Provided by Yokogawa Electric Corporation STARDOM For small and medium-sized factories PLC Instrumentation system. STARDOM The controller contains several vulnerabilities: * * account ID And password information is hard-coded (CWE-798) - CVE-2018-10592 * * information leak (CWE-200) - CVE-2018-17900 * * Service disruption to remote management functions (DoS) (CWE-119) - CVE-2018-17902 * * Problems with hardcoded authentication information for maintenance functions (CWE-798) - CVE-2018-17896 * * Controller HTTP Service disruption to services (DoS) (CWE-119) - CVE-2018-17898The expected impact depends on each vulnerability, but can be affected as follows: * * A remote attacker can log into the controller and execute arbitrary commands - CVE-2018-10592 * * Authentication information for accessing the remote management function of the controller can be obtained by a remote third party - CVE-2018-17900 * * Remote operation by the remote party to the remote management function of the controller (DoS) Attack is done - CVE-2018-17902 * * A remote attacker logs in to the controller\u0027s maintenance function, acquires information, and falsifies - CVE-2018-17896 * * By a remote third party HTTP Service disruption to services (DoS) Attack is done - CVE-2018-17898. Yokogawa STARDOM Controllers FCJ, etc. are the controllers used in the basic network control system of Yokogawa Corporation of Japan. A security vulnerability exists in several Yokogawa products due to improper protection of credentials by web applications. The following products and versions are affected: Yokogawa STARDOM Controllers FCJ R4.10 and earlier; FCN-100 R4.10 and earlier; FCN-RTUR 4.10 and earlier; FCN-500 R4.10 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "VULHUB",
"id": "VHN-128406"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17900",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-151-03",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU92639220",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-670",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-128406",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17900"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-670"
}
]
},
"id": "VAR-201810-0487",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-128406"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:01:12.647000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-18-0004 STARDOM \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306b\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://web-material3.yokogawa.com/19/6712/details/ysar-18-0004-j.pdf"
},
{
"title": "YSAR-18-0007: STARDOM\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://web-material3.yokogawa.com/ysar-18-0007-j.jp.pdf"
},
{
"title": "Multiple Yokogawa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85788"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-670"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128406"
},
{
"db": "NVD",
"id": "CVE-2018-17900"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-03"
},
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/ysar-18-0007-e.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17900"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17902"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17896"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17898"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10592"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92639220/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17900"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17902"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10592"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17896"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17898"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17900"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-670"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-128406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17900"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-670"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-128406"
},
{
"date": "2018-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"date": "2018-10-12T14:29:01.207000",
"db": "NVD",
"id": "CVE-2018-17900"
},
{
"date": "2018-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-670"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-128406"
},
{
"date": "2019-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"date": "2019-10-09T23:37:01.190000",
"db": "NVD",
"id": "CVE-2018-17900"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-670"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-670"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "STARDOM Multiple vulnerabilities in controller",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-670"
}
],
"trust": 0.6
}
}
VAR-201807-0332
Vulnerability from variot - Updated: 2023-12-18 12:01Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution. Provided by Yokogawa Electric Corporation STARDOM There are multiple vulnerabilities in the controller. Provided by Yokogawa Electric Corporation STARDOM For small and medium-sized factories PLC Instrumentation system. STARDOM The controller contains several vulnerabilities: * * account ID And password information is hard-coded (CWE-798) - CVE-2018-10592 * * information leak (CWE-200) - CVE-2018-17900 * * Service disruption to remote management functions (DoS) (CWE-119) - CVE-2018-17902 * * Problems with hardcoded authentication information for maintenance functions (CWE-798) - CVE-2018-17896 * * Controller HTTP Service disruption to services (DoS) (CWE-119) - CVE-2018-17898The expected impact depends on each vulnerability, but can be affected as follows: * * A remote attacker can log into the controller and execute arbitrary commands - CVE-2018-10592 * * Authentication information for accessing the remote management function of the controller can be obtained by a remote third party - CVE-2018-17900 * * Remote operation by the remote party to the remote management function of the controller (DoS) Attack is done - CVE-2018-17902 * * A remote attacker logs in to the controller's maintenance function, acquires information, and falsifies - CVE-2018-17896 * * By a remote third party HTTP Service disruption to services (DoS) Attack is done - CVE-2018-17898. Yokogawa FCJ and the like are controllers used in network control systems by Yokogawa Corporation of Japan. There are security bypass vulnerabilities in various Yokogawa products. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service in the context of an affected device. Failed attempts will likely cause a denial-of-service condition. Yokogawa FCJ, etc. The following products and versions are affected: Yokogawa STARDOM FCJ R4.02 and earlier; FCN-100 R4.02 and earlier; FCN-RTU R4.02 and earlier; FCN-500 R4.02 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fcj",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.02"
},
{
"model": "fcn-rtu",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.02"
},
{
"model": "fcn-100",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.02"
},
{
"model": "fcn-500",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.02"
},
{
"model": "stardom fcj",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcj",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-100",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-100",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-500",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-500",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-rtu",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-rtu",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "fcj \u003c=r4.02",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "fcn-100 \u003c=r4.02",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "fcn-rtu \u003c=r4.02",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "fcn-500 \u003c=r4.02",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "fcn-100",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.02"
},
{
"model": "fcn-500",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.02"
},
{
"model": "fcn-rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.02"
},
{
"model": "fcj",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.02"
},
{
"model": "stardom fcj r4.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "stardom fcj r4.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "stardom fcj r1.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fcn-rtu r4.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fcn-500 r4.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fcn-100 r4.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "stardom fcj r4.10",
"scope": "ne",
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fcn-rtu r4.10",
"scope": "ne",
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fcn-500 r4.10",
"scope": "ne",
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fcn-100 r4.10",
"scope": "ne",
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fcj",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fcn 100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fcn rtu",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fcn 500",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5a10f-39ab-11e9-b112-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12136"
},
{
"db": "BID",
"id": "104376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-10592"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-808"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10592"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "VDLab of Venustech and Dongfang Electric Corporation (DEC)",
"sources": [
{
"db": "BID",
"id": "104376"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-808"
}
],
"trust": 0.9
},
"cve": "CVE-2018-10592",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-12136",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "e2f5a10f-39ab-11e9-b112-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-120367",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-10592",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 9.4,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 1.6,
"value": "High"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-10592",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-12136",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-808",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f5a10f-39ab-11e9-b112-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-120367",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-10592",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5a10f-39ab-11e9-b112-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12136"
},
{
"db": "VULHUB",
"id": "VHN-120367"
},
{
"db": "VULMON",
"id": "CVE-2018-10592"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-10592"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-808"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution. Provided by Yokogawa Electric Corporation STARDOM There are multiple vulnerabilities in the controller. Provided by Yokogawa Electric Corporation STARDOM For small and medium-sized factories PLC Instrumentation system. STARDOM The controller contains several vulnerabilities: * * account ID And password information is hard-coded (CWE-798) - CVE-2018-10592 * * information leak (CWE-200) - CVE-2018-17900 * * Service disruption to remote management functions (DoS) (CWE-119) - CVE-2018-17902 * * Problems with hardcoded authentication information for maintenance functions (CWE-798) - CVE-2018-17896 * * Controller HTTP Service disruption to services (DoS) (CWE-119) - CVE-2018-17898The expected impact depends on each vulnerability, but can be affected as follows: * * A remote attacker can log into the controller and execute arbitrary commands - CVE-2018-10592 * * Authentication information for accessing the remote management function of the controller can be obtained by a remote third party - CVE-2018-17900 * * Remote operation by the remote party to the remote management function of the controller (DoS) Attack is done - CVE-2018-17902 * * A remote attacker logs in to the controller\u0027s maintenance function, acquires information, and falsifies - CVE-2018-17896 * * By a remote third party HTTP Service disruption to services (DoS) Attack is done - CVE-2018-17898. Yokogawa FCJ and the like are controllers used in network control systems by Yokogawa Corporation of Japan. There are security bypass vulnerabilities in various Yokogawa products. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service in the context of an affected device. Failed attempts will likely cause a denial-of-service condition. Yokogawa FCJ, etc. The following products and versions are affected: Yokogawa STARDOM FCJ R4.02 and earlier; FCN-100 R4.02 and earlier; FCN-RTU R4.02 and earlier; FCN-500 R4.02 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10592"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "CNVD",
"id": "CNVD-2018-12136"
},
{
"db": "BID",
"id": "104376"
},
{
"db": "IVD",
"id": "e2f5a10f-39ab-11e9-b112-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-120367"
},
{
"db": "VULMON",
"id": "CVE-2018-10592"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10592",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-151-03",
"trust": 3.5
},
{
"db": "BID",
"id": "104376",
"trust": 2.7
},
{
"db": "CNNVD",
"id": "CNNVD-201806-808",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-12136",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92639220",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F5A10F-39AB-11E9-B112-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-120367",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-10592",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5a10f-39ab-11e9-b112-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12136"
},
{
"db": "VULHUB",
"id": "VHN-120367"
},
{
"db": "VULMON",
"id": "CVE-2018-10592"
},
{
"db": "BID",
"id": "104376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-10592"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-808"
}
]
},
"id": "VAR-201807-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f5a10f-39ab-11e9-b112-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12136"
},
{
"db": "VULHUB",
"id": "VHN-120367"
}
],
"trust": 0.09
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5a10f-39ab-11e9-b112-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12136"
}
]
},
"last_update_date": "2023-12-18T12:01:12.698000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-18-0004 STARDOM \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306b\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://web-material3.yokogawa.com/19/6712/details/ysar-18-0004-j.pdf"
},
{
"title": "YSAR-18-0007: STARDOM\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://web-material3.yokogawa.com/ysar-18-0007-j.jp.pdf"
},
{
"title": "A variety of Yokogawa product security bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132867"
},
{
"title": "Multiple Yokogawa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81326"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12136"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-808"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120367"
},
{
"db": "NVD",
"id": "CVE-2018-10592"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-03"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/104376"
},
{
"trust": 1.8,
"url": "https://web-material3.yokogawa.com/1/6712/details/ysar-18-0004-e.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17900"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17902"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17896"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17898"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10592"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92639220/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17900"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17902"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10592"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17896"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17898"
},
{
"trust": 0.3,
"url": "https://web-material3.yokogawa.com/1/6712/details/ysar-18-0004-e.pdf?_ga=2.1690613.59816134.1528173701-1842584293.1528173701"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12136"
},
{
"db": "VULHUB",
"id": "VHN-120367"
},
{
"db": "VULMON",
"id": "CVE-2018-10592"
},
{
"db": "BID",
"id": "104376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-10592"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-808"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f5a10f-39ab-11e9-b112-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12136"
},
{
"db": "VULHUB",
"id": "VHN-120367"
},
{
"db": "VULMON",
"id": "CVE-2018-10592"
},
{
"db": "BID",
"id": "104376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-10592"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-808"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "IVD",
"id": "e2f5a10f-39ab-11e9-b112-000c29342cb1"
},
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12136"
},
{
"date": "2018-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-120367"
},
{
"date": "2018-07-31T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10592"
},
{
"date": "2018-05-31T00:00:00",
"db": "BID",
"id": "104376"
},
{
"date": "2018-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"date": "2018-07-31T17:29:00.233000",
"db": "NVD",
"id": "CVE-2018-10592"
},
{
"date": "2018-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-808"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12136"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120367"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10592"
},
{
"date": "2018-05-31T00:00:00",
"db": "BID",
"id": "104376"
},
{
"date": "2019-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"date": "2019-10-09T23:32:51.757000",
"db": "NVD",
"id": "CVE-2018-10592"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-808"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-808"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "STARDOM Multiple vulnerabilities in controller",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-808"
}
],
"trust": 0.6
}
}
VAR-201810-0489
Vulnerability from variot - Updated: 2023-12-18 12:01Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions. Provided by Yokogawa Electric Corporation STARDOM There are multiple vulnerabilities in the controller. Provided by Yokogawa Electric Corporation STARDOM For small and medium-sized factories PLC Instrumentation system. STARDOM The controller contains several vulnerabilities: * * account ID And password information is hard-coded (CWE-798) - CVE-2018-10592 * * information leak (CWE-200) - CVE-2018-17900 * * Service disruption to remote management functions (DoS) (CWE-119) - CVE-2018-17902 * * Problems with hardcoded authentication information for maintenance functions (CWE-798) - CVE-2018-17896 * * Controller HTTP Service disruption to services (DoS) (CWE-119) - CVE-2018-17898The expected impact depends on each vulnerability, but can be affected as follows: * * A remote attacker can log into the controller and execute arbitrary commands - CVE-2018-10592 * * Authentication information for accessing the remote management function of the controller can be obtained by a remote third party - CVE-2018-17900 * * Remote operation by the remote party to the remote management function of the controller (DoS) Attack is done - CVE-2018-17902 * * A remote attacker logs in to the controller's maintenance function, acquires information, and falsifies - CVE-2018-17896 * * By a remote third party HTTP Service disruption to services (DoS) Attack is done - CVE-2018-17898. Yokogawa STARDOM Controllers FCJ, etc. are the controllers used in the basic network control system of Yokogawa Corporation of Japan. A session fixation vulnerability exists in several Yokogawa products. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Yokogawa STARDOM Controllers FCJ R4.10 and earlier; FCN-100 R4.10 and earlier; FCN-RTUR 4.10 and earlier; FCN-500 R4.10 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0489",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fcn-500",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcj",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-rtu",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-100",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "stardom fcj",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcj",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-100",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-100",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-500",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-500",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-rtu",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-rtu",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "fcn-500",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-100",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcj",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17902"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-652"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17902"
}
]
},
"cve": "CVE-2018-17902",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-128408",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 9.4,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 1.6,
"value": "High"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-17902",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-652",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-128408",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128408"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17902"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-652"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions. Provided by Yokogawa Electric Corporation STARDOM There are multiple vulnerabilities in the controller. Provided by Yokogawa Electric Corporation STARDOM For small and medium-sized factories PLC Instrumentation system. STARDOM The controller contains several vulnerabilities: * * account ID And password information is hard-coded (CWE-798) - CVE-2018-10592 * * information leak (CWE-200) - CVE-2018-17900 * * Service disruption to remote management functions (DoS) (CWE-119) - CVE-2018-17902 * * Problems with hardcoded authentication information for maintenance functions (CWE-798) - CVE-2018-17896 * * Controller HTTP Service disruption to services (DoS) (CWE-119) - CVE-2018-17898The expected impact depends on each vulnerability, but can be affected as follows: * * A remote attacker can log into the controller and execute arbitrary commands - CVE-2018-10592 * * Authentication information for accessing the remote management function of the controller can be obtained by a remote third party - CVE-2018-17900 * * Remote operation by the remote party to the remote management function of the controller (DoS) Attack is done - CVE-2018-17902 * * A remote attacker logs in to the controller\u0027s maintenance function, acquires information, and falsifies - CVE-2018-17896 * * By a remote third party HTTP Service disruption to services (DoS) Attack is done - CVE-2018-17898. Yokogawa STARDOM Controllers FCJ, etc. are the controllers used in the basic network control system of Yokogawa Corporation of Japan. A session fixation vulnerability exists in several Yokogawa products. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Yokogawa STARDOM Controllers FCJ R4.10 and earlier; FCN-100 R4.10 and earlier; FCN-RTUR 4.10 and earlier; FCN-500 R4.10 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "VULHUB",
"id": "VHN-128408"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17902",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-151-03",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU92639220",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-652",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-128408",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128408"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17902"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-652"
}
]
},
"id": "VAR-201810-0489",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-128408"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:01:12.622000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-18-0004 STARDOM \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306b\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://web-material3.yokogawa.com/19/6712/details/ysar-18-0004-j.pdf"
},
{
"title": "YSAR-18-0007: STARDOM\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://web-material3.yokogawa.com/ysar-18-0007-j.jp.pdf"
},
{
"title": "Multiple Yokogawa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85770"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-652"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-384",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128408"
},
{
"db": "NVD",
"id": "CVE-2018-17902"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-03"
},
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/ysar-18-0007-e.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17900"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17902"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17896"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17898"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10592"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92639220/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17900"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17902"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10592"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17896"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17898"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128408"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17902"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-652"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-128408"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17902"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-652"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-128408"
},
{
"date": "2018-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"date": "2018-10-12T14:29:01.423000",
"db": "NVD",
"id": "CVE-2018-17902"
},
{
"date": "2018-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-652"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-128408"
},
{
"date": "2019-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"date": "2019-10-09T23:37:01.520000",
"db": "NVD",
"id": "CVE-2018-17902"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-652"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-652"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "STARDOM Multiple vulnerabilities in controller",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-652"
}
],
"trust": 0.6
}
}
VAR-201810-0485
Vulnerability from variot - Updated: 2023-12-18 12:01Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable. Provided by Yokogawa Electric Corporation STARDOM There are multiple vulnerabilities in the controller. Provided by Yokogawa Electric Corporation STARDOM For small and medium-sized factories PLC Instrumentation system. STARDOM The controller contains several vulnerabilities: * * account ID And password information is hard-coded (CWE-798) - CVE-2018-10592 * * information leak (CWE-200) - CVE-2018-17900 * * Service disruption to remote management functions (DoS) (CWE-119) - CVE-2018-17902 * * Problems with hardcoded authentication information for maintenance functions (CWE-798) - CVE-2018-17896 * * Controller HTTP Service disruption to services (DoS) (CWE-119) - CVE-2018-17898The expected impact depends on each vulnerability, but can be affected as follows: * * A remote attacker can log into the controller and execute arbitrary commands - CVE-2018-10592 * * Authentication information for accessing the remote management function of the controller can be obtained by a remote third party - CVE-2018-17900 * * Remote operation by the remote party to the remote management function of the controller (DoS) Attack is done - CVE-2018-17902 * * A remote attacker logs in to the controller's maintenance function, acquires information, and falsifies - CVE-2018-17896 * * By a remote third party HTTP Service disruption to services (DoS) Attack is done - CVE-2018-17898. Yokogawa STARDOM Controllers FCJ, etc. are the controllers used in the basic network control system of Yokogawa Corporation of Japan. A security vulnerability exists in several Yokogawa products. Attackers can exploit this vulnerability to make the controller unable to run stably (memory exhaustion). The following products and versions are affected: Yokogawa STARDOM Controllers FCJ R4.10 and earlier; FCN-100 R4.10 and earlier; FCN-RTUR 4.10 and earlier; FCN-500 R4.10 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0485",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fcn-500",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcj",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-rtu",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-100",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "stardom fcj",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcj",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-100",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-100",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-500",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-500",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "stardom fcn-rtu",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.02"
},
{
"model": "stardom fcn-rtu",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.10"
},
{
"model": "fcn-500",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-100",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcj",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
},
{
"model": "fcn-rtu",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.10"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17898"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-669"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcj_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcj:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-rtu_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-rtu:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:fcn-500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:fcn-500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17898"
}
]
},
"cve": "CVE-2018-17898",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-128403",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 9.4,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "JPCERT/CC",
"availabilityImpact": "Low",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-003717",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 1.6,
"value": "High"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-17898",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-003717",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-669",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-128403",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128403"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17898"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-669"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable. Provided by Yokogawa Electric Corporation STARDOM There are multiple vulnerabilities in the controller. Provided by Yokogawa Electric Corporation STARDOM For small and medium-sized factories PLC Instrumentation system. STARDOM The controller contains several vulnerabilities: * * account ID And password information is hard-coded (CWE-798) - CVE-2018-10592 * * information leak (CWE-200) - CVE-2018-17900 * * Service disruption to remote management functions (DoS) (CWE-119) - CVE-2018-17902 * * Problems with hardcoded authentication information for maintenance functions (CWE-798) - CVE-2018-17896 * * Controller HTTP Service disruption to services (DoS) (CWE-119) - CVE-2018-17898The expected impact depends on each vulnerability, but can be affected as follows: * * A remote attacker can log into the controller and execute arbitrary commands - CVE-2018-10592 * * Authentication information for accessing the remote management function of the controller can be obtained by a remote third party - CVE-2018-17900 * * Remote operation by the remote party to the remote management function of the controller (DoS) Attack is done - CVE-2018-17902 * * A remote attacker logs in to the controller\u0027s maintenance function, acquires information, and falsifies - CVE-2018-17896 * * By a remote third party HTTP Service disruption to services (DoS) Attack is done - CVE-2018-17898. Yokogawa STARDOM Controllers FCJ, etc. are the controllers used in the basic network control system of Yokogawa Corporation of Japan. A security vulnerability exists in several Yokogawa products. Attackers can exploit this vulnerability to make the controller unable to run stably (memory exhaustion). The following products and versions are affected: Yokogawa STARDOM Controllers FCJ R4.10 and earlier; FCN-100 R4.10 and earlier; FCN-RTUR 4.10 and earlier; FCN-500 R4.10 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17898"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "VULHUB",
"id": "VHN-128403"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-18-151-03",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-17898",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU92639220",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-669",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-128403",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128403"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17898"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-669"
}
]
},
"id": "VAR-201810-0485",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-128403"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:01:12.598000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-18-0004 STARDOM \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306b\u30cf\u30fc\u30c9\u30b3\u30fc\u30c9\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://web-material3.yokogawa.com/19/6712/details/ysar-18-0004-j.pdf"
},
{
"title": "YSAR-18-0007: STARDOM\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u306b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://web-material3.yokogawa.com/ysar-18-0007-j.jp.pdf"
},
{
"title": "Multiple Yokogawa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85787"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-669"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128403"
},
{
"db": "NVD",
"id": "CVE-2018-17898"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-151-03"
},
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/ysar-18-0007-e.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17900"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17902"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17896"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17898"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10592"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92639220/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17900"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17902"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10592"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17896"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17898"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128403"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17898"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-669"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-128403"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"db": "NVD",
"id": "CVE-2018-17898"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-669"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-128403"
},
{
"date": "2018-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"date": "2018-10-12T14:29:01.033000",
"db": "NVD",
"id": "CVE-2018-17898"
},
{
"date": "2018-10-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-669"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-128403"
},
{
"date": "2019-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003717"
},
{
"date": "2019-10-09T23:37:00.910000",
"db": "NVD",
"id": "CVE-2018-17898"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-669"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-669"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "STARDOM Multiple vulnerabilities in controller",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003717"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-669"
}
],
"trust": 0.6
}
}