Lucene search

JpcertCVE-2022-29519

HistoryJun 28, 2022 - 1:15 p.m.

CVE-2022-29519

2022-06-2813:15:12

CWE-319

jpcert

web.nvd.nist.gov

cve-2022-29519

stardom

fcn controller

fcj controller

vulnerability

cleartext transmission

sensitive information

adjacent attacker

device configuration

firmware tampering

nvd

CVSS2

7.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.

Affected configurations

Nvd

Vulners

Node

yokogawastardom_fcj_firmwareRanger1.01–r4.31

AND

yokogawastardom_fcjMatch-

Node

yokogawastardom_fcn_firmwareRanger1.01–r4.31

AND

yokogawastardom_fcnMatch-

VendorProductVersionCPE
yokogawastardom_fcj_firmware*cpe:2.3:o:yokogawa:stardom_fcj_firmware:*:*:*:*:*:*:*:*
yokogawastardom_fcj-cpe:2.3:h:yokogawa:stardom_fcj:-:*:*:*:*:*:*:*
yokogawastardom_fcn_firmware*cpe:2.3:o:yokogawa:stardom_fcn_firmware:*:*:*:*:*:*:*:*
yokogawastardom_fcn-cpe:2.3:h:yokogawa:stardom_fcn:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yokogawa	stardom_fcj_firmware	*	cpe:2.3:o:yokogawa:stardom_fcj_firmware::::::::
yokogawa	stardom_fcj	-	cpe:2.3:h:yokogawa:stardom_fcj:-:::::::*
yokogawa	stardom_fcn_firmware	*	cpe:2.3:o:yokogawa:stardom_fcn_firmware::::::::
yokogawa	stardom_fcn	-	cpe:2.3:h:yokogawa:stardom_fcn:-:::::::*

CNA Affected

[
  {
    "product": "STARDOM Controller",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "STARDOM FCN Controller and FCJ Controller R1.01 to R4.31"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU95452299/index.html

web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf

web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf

www.cisa.gov/uscert/ics/advisories/icsa-22-174-01

Social References

CVSS2

7.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

39.9%

JSON

Related for CVE-2022-29519