7.9

CVE-2022-29519

EPSS 0.15%
Published 28.06.2022 13:15:12
Last modified 21.11.2024 06:59:14
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Yokogawa ≫ Stardom Fcj Firmware Version >= r1.01 <= r4.31

Yokogawa ≫ Stardom Fcj Version-

Yokogawa ≫ Stardom Fcn Firmware Version >= r1.01 <= r4.31

Yokogawa ≫ Stardom Fcn Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.366

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.9	5.5	10	AV:A/AC:M/Au:N/C:C/I:C/A:C

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://jvn.jp/vu/JVNVU95452299/index.html

Third Party Advisory

VDB Entry

Mitigation

https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf

Vendor Advisory

Mitigation

https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf

Vendor Advisory

Mitigation

https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-29519

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-29519

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-29519

EUVD