CVE DATABASE / CVE-2022-30997
CVE-2022-30997
CVSS 7.2 · HIGH
Summary
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.
CVSS 3.1 breakdown
| Base score | 7.2 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | HIGH |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Yokogawa stardom fcj firmwareYokogawa stardom fcjYokogawa stardom fcn firmwareYokogawa stardom fcn
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- https://jvn.jp/vu/JVNVU95452299/index.html
- https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf
- https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01
Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.