CVE-2018-17896 Information

Description

Yokogawa STARDOM Controllers FCJ FCN-100 FCN-RTU FCN-500 All versions R4.10 and prior The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.1