CVE-2018-17896

EPSS 1.22%
Veröffentlicht 12.10.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 03:55:09
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 4 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yokogawa ≫ Fcj Firmware Version <= r4.10

Yokogawa ≫ Fcj Version-

Yokogawa ≫ Fcn-100 Firmware Version <= r4.10

Yokogawa ≫ Fcn-100 Version-

Yokogawa ≫ Fcn-rtu Firmware Version <= r4.10

Yokogawa ≫ Fcn-rtu Version-

Yokogawa ≫ Fcn-500 Firmware Version <= r4.10

Yokogawa ≫ Fcn-500 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.22%	0.646

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03

Third Party Advisory

US Government Resource

https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-17896

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-17896

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-17896

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-17896