


Yokogawa Stardom vulnerability leaves hardcoded creds in ICS controllers

June 01, 2018 / Michael Heller

A Yokogawa Stardom vulnerability leaves industrial control systems in critical infrastructure around the world at risk because of hardcoded credentials in the software.

Industrial control systems around the world might be at risk as hardcoded credentials are found in flawed software.

The Yokogawa Stardom vulnerability (CVE-2018-10592) affects the FCJ, FCN-100, FCN-RTU and FCN-500 controllers running firmware version R4.02 or earlier. These industrial control systems (ICS) are used around the world in various infrastructure capacities including the energy sector, food production and manufacturing.

According to the security advisory for the Yokogawa Stardom vulnerability, an attacker could remotely log in with the hardcoded credentials and be able to execute system commands.

The official advisory from Yokogawa and the advisory from ICS-CERT disagree slightly though: Yokogawa labels the issue as being of medium difficulty to exploit, while ICS-CERT notes that it takes "low skill leve...