10
CVE-2018-10592
- EPSS 6.94%
- Veröffentlicht 31.07.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:41:37
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginYokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Yokogawa ≫ Fcj Firmware Version <= r4.02
Yokogawa ≫ Fcn-100 Firmware Version <= r4.02
Yokogawa ≫ Fcn-rtu Firmware Version <= r4.02
Yokogawa ≫ Fcn-500 Firmware Version <= r4.02
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.94% | 0.933 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-798 Use of Hard-coded Credentials
The product contains hard-coded credentials, such as a password or cryptographic key.
http://www.securityfocus.com/bid/104376
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03
https://web-material3.yokogawa.com/1/6712/details/YSAR-18-0004-E.pdf