05 June 2018

Critical vulnerability in Yokogawa STARDOM controllers

A critical vulnerability has been identified in the STARDOM line of Yokogawa industrial controllers. Successful exploitation could allow attackers to gain remote access to the device and execute arbitrary code.

The vulnerability affects the following device models:

  • FCJ
  • FCN-100
  • FCN-RTU
  • FCN-500

The vulnerability affects versions R4.02 and earlier of the above products. All of these versions have hard-coded credentials that attackers could use to execute system commands.

The vulnerability has been assigned CVE-2018-10592. Its CVSS v3 base score is 9.8.

To correct the vulnerability, Yokogawa recommends that users upgrade FCN/FCJ controller firmware to version R4.10 or later.

Source: Yokogawa
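
For asset owners, the affected models and version boundaries above can be applied to an inventory export. The following is an added example, not Yokogawa's code: the CSV layout, asset names and status labels are assumptions, the sample rows are constructed, and the version format `R<major>.<two-digit minor>` is assumed from the strings in the advisory. Versions that fall between R4.02 and R4.10 are not addressed by the advisory, so the script flags them for vendor confirmation instead of guessing.

```python
import csv
import io
import re

# Values taken from the advisory text.
AFFECTED_MODELS = {"FCJ", "FCN-100", "FCN-RTU", "FCN-500"}
LAST_AFFECTED = (4, 2)    # R4.02 and earlier are affected
FIRST_FIXED = (4, 10)     # R4.10 or later is the recommended upgrade

# Assumed format: "R" + major + "." + two-digit minor, e.g. R4.02
VERSION_RE = re.compile(r"^R(\d+)\.(\d{2})$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor) as integers, or None if the string is malformed."""
    m = VERSION_RE.match(text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(model, firmware):
    """Classify one controller against CVE-2018-10592 (labels are hypothetical)."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-in-scope"
    version = parse_version(firmware)
    if version is None:
        return "unknown-version"        # needs a manual check on the device
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "verify-with-vendor"         # between R4.02 and R4.10: advisory is silent


def triage(inventory_csv):
    """Return [(asset, status)] for a CSV with asset, model, firmware columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["asset"], classify(r["model"], r["firmware"])) for r in rows]


# Constructed sample inventory (not real assets).
SAMPLE_INVENTORY = """asset,model,firmware
plc-a,FCN-500,R4.02
plc-b,FCJ,R3.40
plc-c,FCN-RTU,R4.10
plc-d,fcn-100,R4.05
plc-e,FCN-500,unknown
hmi-1,OtherDevice,R1.00
"""

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY):
        print(f"{asset}: {status}")
```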