Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.
References
Link | Resource |
---|---|
https://jvn.jp/vu/JVNVU95452299/index.html | Mitigation Third Party Advisory VDB Entry |
https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf | Mitigation Vendor Advisory |
https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf | Mitigation Vendor Advisory |
https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01 | Mitigation Third Party Advisory US Government Resource |
Configurations
History
08 Jul 2022, 14:57
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf - Mitigation, Vendor Advisory | |
References | (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01 - Mitigation, Third Party Advisory, US Government Resource | |
References | (MISC) https://jvn.jp/vu/JVNVU95452299/index.html - Mitigation, Third Party Advisory, VDB Entry | |
References | (MISC) https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf - Mitigation, Vendor Advisory | |
CPE | cpe:2.3:o:yokogawa:stardom_fcj_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:yokogawa:stardom_fcn:-:*:*:*:*:*:*:* cpe:2.3:h:yokogawa:stardom_fcj:-:*:*:*:*:*:*:* cpe:2.3:o:yokogawa:stardom_fcn_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.9
v3 : 7.5 |
First Time |
Yokogawa
Yokogawa stardom Fcj Yokogawa stardom Fcn Firmware Yokogawa stardom Fcn Yokogawa stardom Fcj Firmware |
|
CWE | CWE-319 |
28 Jun 2022, 13:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-28 13:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-29519
Mitre link : CVE-2022-29519
CVE.ORG link : CVE-2022-29519
JSON object : View
Products Affected
yokogawa
- stardom_fcn
- stardom_fcj
- stardom_fcj_firmware
- stardom_fcn_firmware
CWE
CWE-319
Cleartext Transmission of Sensitive Information