ICSA-18-151-03 · Published 2018-10-11 · Source: CISA ICS-CERT
Yokogawa STARDOM Controllers (Update A)
CVSS 9.8 (Critical)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to log in to the affected controller (via hard-coded or captured credentials or a fixated session), or to exhaust its memory and cause a denial of service; unauthorized access could in turn lead to remote arbitrary code execution.
Remediations
- Yokogawa recommends that users upgrade the FCN/FCJ software to Version R4.20 or later, and reports that some, but not all, of the vulnerabilities are remediated in that version. Specifically, R4.20 fixes the memory exhaustion vulnerability. For the remaining vulnerabilities (insufficiently protected credentials, session fixation, and use of hard-coded credentials), Yokogawa recommends using the packet filter function in the FCN to restrict communication to appropriate sources only, and taking network measures so that communication data cannot be captured by untrusted third parties. Yokogawa strongly suggests that all users apply appropriate security measures not only for the identified vulnerabilities but to the overall system.
- Users with questions about this report, or about obtaining the updates, should use Yokogawa's product inquiry contact details.
- Yokogawa's Security Advisory Reports YSAR-18-0004 (Vulnerability of hardcoded password in STARDOM controllers) and YSAR-18-0007 (Vulnerabilities in STARDOM controllers), together with other Yokogawa security reports, are available.
- Additionally, for questions related to these reports, please contact
Affected Vendors
Yokogawa
Affected Products (8)
- Yokogawa STARDOM Controller FCJ, versions R4.02 and prior
- Yokogawa STARDOM Controller FCJ, versions R4.10 and prior
- Yokogawa STARDOM Controller FCN-100, versions R4.02 and prior
- Yokogawa STARDOM Controller FCN-100, versions R4.10 and prior
- Yokogawa STARDOM Controller FCN-500, versions R4.02 and prior
- Yokogawa STARDOM Controller FCN-500, versions R4.10 and prior
- Yokogawa STARDOM Controller FCN-RTU, versions R4.02 and prior
- Yokogawa STARDOM Controller FCN-RTU, versions R4.10 and prior
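The product list above gives two inclusive version bounds per model (R4.02 and R4.10), and the remediation section says R4.20 fixes only the memory exhaustion issue while the three credential and session issues still need the FCN packet filter and network controls. The following script is an added example, not Yokogawa or CISA tooling, showing how to triage an asset inventory against those bounds: it parses STARDOM-style "R4.10" version strings numerically (string comparison would misorder R4.9 and R4.10), flags hosts in the affected range, treats versions between R4.10 and R4.20 as unverified rather than fixed, and still attaches the compensating-control action to upgraded hosts. The inventory format, host names and the `assess`/`triage` functions are assumptions of this example.

```python
"""Triage a STARDOM controller inventory against ICSA-18-151-03.

Added example, not Yokogawa or CISA tooling. The inventory format and the
host names below are constructed for illustration.
"""
import re
from typing import NamedTuple

ADVISORY = "ICSA-18-151-03"
FIXED_VERSION = "R4.20"   # release Yokogawa recommends upgrading to

# Inclusive upper bound of the affected range per model, taken from the
# advisory's product list. Each model is listed with both R4.02 and R4.10;
# the wider bound decides whether a host is in scope.
AFFECTED_UPTO = {
    "FCJ": "R4.10",
    "FCN-100": "R4.10",
    "FCN-500": "R4.10",
    "FCN-RTU": "R4.10",
}

_VERSION_RE = re.compile(r"^R(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn 'R4.10' or 'R4.10.1' into a numerically comparable tuple.

    Raises ValueError on anything that is not a STARDOM-style version.
    """
    m = _VERSION_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"unrecognised STARDOM version string: {text!r}")
    major, minor, patch = m.groups(default="0")
    return int(major), int(minor), int(patch)


class Finding(NamedTuple):
    host: str
    model: str
    version: str
    status: str   # out-of-scope | affected | unknown | upgraded
    action: str


def assess(host: str, model: str, version: str) -> Finding:
    """Classify one controller and attach the matching remediation."""
    model = model.strip().upper()
    if model not in AFFECTED_UPTO:
        # Version string is not parsed for foreign models: other vendors
        # use other schemes and the advisory says nothing about them.
        return Finding(host, model, version, "out-of-scope",
                       f"not a model listed in {ADVISORY}")
    v = parse_version(version)
    if v <= parse_version(AFFECTED_UPTO[model]):
        return Finding(host, model, version, "affected",
                       f"upgrade FCN/FCJ software to {FIXED_VERSION} or later "
                       "(fixes memory exhaustion); enable the FCN packet filter "
                       "to restrict sources and protect the network path from "
                       "capture (hard-coded credentials, session fixation, "
                       "insufficiently protected credentials)")
    if v < parse_version(FIXED_VERSION):
        # Not in the listed affected range but below the fixed release:
        # do not assume it is safe; confirm with the vendor.
        return Finding(host, model, version, "unknown",
                       "between the listed affected range and the fixed "
                       "release; confirm status with Yokogawa before treating "
                       "as remediated")
    return Finding(host, model, version, "upgraded",
                   "memory exhaustion fixed by upgrade; packet filter and "
                   "network measures still required for the credential and "
                   "session issues")


def triage(inventory: str) -> list[Finding]:
    """Inventory is 'host,model,version' per line; '#' lines are comments."""
    findings = []
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, model, version = (f.strip() for f in line.split(","))
        findings.append(assess(host, model, version))
    return findings


# Constructed sample inventory (hypothetical hosts, not real assets).
SAMPLE_INVENTORY = """\
# host,model,version
rtu-wellpad-01,FCN-RTU,R4.02
fcj-packaging-03,FCJ,R4.10
fcn-boiler-02,FCN-500,R4.11
fcn-line-07,FCN-100,R4.20
plc-other-01,OTHERPLC,1.0
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.host:18} {f.model:9} {f.version:6} {f.status:13} {f.action}")
```

The "unknown" bucket is deliberate: the advisory lists R4.10 and prior as affected and names R4.20 as the fix, so a host reporting something in between should be checked with the vendor rather than silently counted as patched. Note also that an upgraded controller is never reported as "done", because the advisory's remediation for the three credential and session issues is the packet filter and network controls, not the software update.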
Affected Sectors
Critical Manufacturing, Energy, and Food and Agriculture