CVE-2018-17900 – This vulnerability in Yokogawa STARDOM Controll... (How to Fix)

Q: What is the severity of CVE-2018-17900?

CVE-2018-17900 has a CVSS score of 9.8 (CRITICAL). This vulnerability in Yokogawa STARDOM Controllers allows attackers to obtain credentials due to improper protection in the web application. Attackers can use these credentials for remote access to industrial controllers. Affected systems include FCJ, FCN-100, FCN-RTU, and FCN-500 controllers running version R4.10 and earlier.

📋 TL;DR

This vulnerability in Yokogawa STARDOM Controllers allows attackers to obtain credentials due to improper protection in the web application. Attackers can use these credentials for remote access to industrial controllers. Affected systems include FCJ, FCN-100, FCN-RTU, and FCN-500 controllers running version R4.10 and earlier.

💻 Affected Systems

Products:

STARDOM FCJ
STARDOM FCN-100
STARDOM FCN-RTU
STARDOM FCN-500

Versions: All versions R4.10 and prior

Operating Systems: Controller firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All affected controllers with web interface enabled are vulnerable in default configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of industrial control systems allowing attackers to manipulate processes, cause physical damage, or disrupt critical infrastructure operations.

🟠

Likely Case

Unauthorized access to controller systems enabling data theft, configuration changes, or disruption of industrial processes.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing credential harvesting and controller access.

🌐 Internet-Facing: HIGH - Web application vulnerability that could be exploited remotely if controllers are exposed to the internet.

🏢 Internal Only: HIGH - Even internally, attackers with network access could exploit this to gain controller credentials.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Credential exposure vulnerability that doesn't require authentication to exploit. Attackers can harvest credentials from improperly protected web application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: R4.11 and later

Vendor Advisory: https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf

Restart Required: Yes

Instructions:

1. Download firmware update R4.11 or later from Yokogawa support portal. 2. Backup current configuration. 3. Apply firmware update following vendor instructions. 4. Restart controller. 5. Verify firmware version and functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate controllers from untrusted networks and restrict access to web interface.

Disable Web Interface

all

Disable the vulnerable web application if not required for operations.

🧯 If You Can't Patch

Implement strict network segmentation to isolate controllers from untrusted networks
Deploy network monitoring and intrusion detection for credential harvesting attempts

🔍 How to Verify

Check if Vulnerable:

Check controller firmware version via web interface or management console. If version is R4.10 or earlier, system is vulnerable.

Check Version:

Check via controller web interface or use vendor-specific management tools to query firmware version.

Verify Fix Applied:

Verify firmware version is R4.11 or later. Test that credentials are no longer exposed through web application.

📡 Detection & Monitoring

Log Indicators:

Multiple failed authentication attempts
Unusual access patterns to web interface
Credential harvesting attempts

Network Indicators:

Unusual traffic to controller web ports
Credential extraction patterns in HTTP traffic

SIEM Query:

source_ip=controller_ips AND (http_method=GET AND uri_contains='credential' OR 'password') OR (failed_auth > threshold)

📊 Metadata

CVE ID: CVE-2018-17900

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-522

Published: October 12, 2018

Last Updated: November 21, 2024

🔗 References

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 Third Party Advisory,US Government Resource
https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 Third Party Advisory,US Government Resource
https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2018-17900, you might also want to check these: