9.3

CVE-2018-17896

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
YokogawaFcj Firmware Version <= r4.10
   YokogawaFcj Version-
YokogawaFcn-100 Firmware Version <= r4.10
   YokogawaFcn-100 Version-
YokogawaFcn-rtu Firmware Version <= r4.10
   YokogawaFcn-rtu Version-
YokogawaFcn-500 Firmware Version <= r4.10
   YokogawaFcn-500 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.451
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03
Third Party Advisory
US Government Resource