Description
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.
References (4)
Core 4
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf
Mitigation, Vendor Advisory x_refsource_misc
https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf
Mitigation, Third Party Advisory, VDB Entry x_refsource_misc
https://jvn.jp/vu/JVNVU95452299/index.html
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01
Scores
CVSS v3
7.2
EPSS
0.0114
EPSS Percentile
62.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-798
Status
published
Products (2)
yokogawa/stardom_fcj_firmware
r4.10 - r4.31
yokogawa/stardom_fcn_firmware
r4.10 - r4.31
Published
Jun 28, 2022
Tracked Since
Feb 18, 2026