Vulnerabilities > Yokogawa > FCN 500 Firmware

DATE CVE VULNERABILITY TITLE RISK
2018-10-12 CVE-2018-17902 Session Fixation vulnerability in Yokogawa products
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.
network
low complexity
yokogawa CWE-384
5.3
2018-10-12 CVE-2018-17900 Insufficiently Protected Credentials vulnerability in Yokogawa products
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
network
low complexity
yokogawa CWE-522
critical
9.8
2018-10-12 CVE-2018-17898 Resource Exhaustion vulnerability in Yokogawa products
Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests.
network
low complexity
yokogawa CWE-400
7.5
2018-10-12 CVE-2018-17896 Use of Hard-coded Credentials vulnerability in Yokogawa products
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information.
network
high complexity
yokogawa CWE-798
8.1
2018-07-31 CVE-2018-10592 Use of Hard-coded Credentials vulnerability in Yokogawa products
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
network
low complexity
yokogawa CWE-798
critical
9.8