34 matches found
Design/Logic Flaw
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware...
CVE-2022-30997
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware...
CVE-2022-30997
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware...
CVE-2022-30997
CVE-2022-30997 affects Yokogawa STARDOM FCN/FCJ controllers (R4.10–R4.31). The root cause is hard-coded credentials, enabling an attacker with administrative privileges to read/change configuration settings or update the controller with tampered firmware. Public sources from NVD/Red Hat add detai...
CVE-2022-29519
CVE-2022-29519 affects Yokogawa STARDOM FCN/FCJ controllers (R1.01–R4.31; dual CPU modules R4.10–R4.31) and involves cleartext transmission of sensitive information, enabling an adjacent attacker to read/alter configuration or tamper firmware. The issue is complemented by CVE-2022-30997 (hard-cod...
CVE-2022-29519
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware...
CVE-2018-17900
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers...
CVE-2018-17902
The CVE-2018-17902 entry applies to Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, and FCN-500 (R4.10 and prior). The issue is due to multiple session-management methods that could lead to a denial of service of remote management functions (Session Fixation/Wrong handling). The ICS advisory ...
CVE-2018-17900
Yokogawa STARDOM Controllers (FCJ, FCN-100, FCN-RTU, FCN-500; all versions R4.10 and prior) are affected by CVE-2018-17900 due to the web application’s insufficient protection of credentials, enabling an attacker to obtain remote-access credentials. The issue stems from inadequate credential hand...
CVE-2018-17896
CVE-2018-17896 affects Yokogawa STARDOM controllers FCJ, FCN-100, FCN-RTU, FCN-500 (versions R4.10 and earlier). The vulnerability stems from hard-coded credentials that could allow an attacker to gain unauthorized maintenance access and view/modify information, with exploitation possible during ...
CVE-2018-17898
CVE-2018-17898 affects Yokogawa STARDOM Controllers (FCJ, FCN-100, FCN-RTU, FCN-500) on R4.10 and earlier. The issue is memory exhaustion caused by unauthorized requests, potentially making the controller unstable. Update/mitigation: Yokogawa states the memory exhaustion vulnerability is addresse...
CVE-2016-4860
Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a 1 stop application program, 2 change value, or 3 modify application command...
CVE-2016-4860
Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a 1 stop application program, 2 change value, or 3 modify application command...
CVE-2016-4860
CVE-2016-4860 affects Yokogawa STARDOM FCN/FCJ controllers (R1.01–R4.01). The root cause is an authentication bypass in Logic Designer connections, allowing remote attackers to reconfigure the device or trigger a denial of service (stop application program, change value, modify application comman...