Vulnerabilities > Yokogawa
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-12 | CVE-2018-17902 | Session Fixation vulnerability in Yokogawa products Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions. | 5.3 |
| 2018-10-12 | CVE-2018-17900 | Insufficiently Protected Credentials vulnerability in Yokogawa products Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers. | 9.8 |
| 2018-10-12 | CVE-2018-17898 | Resource Exhaustion vulnerability in Yokogawa products Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. | 7.5 |
| 2018-10-12 | CVE-2018-17896 | Use of Hard-coded Credentials vulnerability in Yokogawa products Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. | 8.1 |
| 2018-07-31 | CVE-2018-10592 | Use of Hard-coded Credentials vulnerability in Yokogawa products Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution. | 9.8 |
| 2018-04-17 | CVE-2018-8838 | Unspecified vulnerability in Yokogawa products A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. | 6.5 |
| 2016-09-19 | CVE-2016-4860 | Improper Authentication vulnerability in Yokogawa Stardom Fcn/Fcj Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command. | 7.3 |